►
From YouTube: IETF100-HRPC-20171117-0930
Description
HRPC meeting session at IETF100
2017/11/17 0930
https://datatracker.ietf.org/meeting/100/proceedings/
E
Aha,
hello,
Good
Friday
morning
to
all
of
you
and
thanks
so
much
for
being
here
after
a
after
a
long
week
of
itea,
so
that's
very
much
appreciated.
We
also
got
a
full
agenda
with
a
lot
of
interesting
speakers.
Presentations
discussions,
both
remote
and
locally,
so
you're
set
up
for
an
exciting
two
hours
with
Alfred
Oriya
and
me
Nielsen
over
as
your
co-chairs.
You
are
here
in
the
Human
Rights
protocols,
considerations,
research
group,
which
is
an
effort
of
the
internet
research
task
force.
E
E
Going
once,
yes
thank
you
and
then
a
jabber
scribe
wherever
jabbers
cried,
we
have
a
jabber
thanks.
So
much.
E
E
So
please
also
review
documents
to
not
only
author
them
or
do
not
only
check
your
email,
because
the
quality
of
our
work
here
is
dependent
on
reviews,
so,
as
a
rule
of
the
thumb
amount
of
for
the
amount
of
documents
that
you
contribute,
please
at
least
review
twice
as
much
the
status
of
the
research
group
we've
been
at
this
since
roughly
2015
we've
had
we've
made
quite
some
progress
since
last
session.
We
also
have
an
RFC
that
came
out
of
our
work
80
to
80,
but
we'll
touch
upon
more
of
that
work
during
the
session.
E
In
a
technical
community,
someone
who
has
looked
at
this
in
great
depth,
especially
the
technical
community
and
their
understanding
about
rights
and
civil
liberties,
Sandra
brahmanna
of
Texas
A&M
University
Sundra,
is
a
very
authoritative
author
in
the
field
of
governance,
studies
and
science
and
technology
studies
and
Sandra
has
read
a
lot
of
RFC's
and
analyzed
them
carefully,
even
though
it
was
sometimes
as
reading
Martian
upside-down.
As
she
said
herself,
she
will
tell
us
a
bit
about
those
experiences,
the
conclusions
that
she
was
able
to
draw
from
that
and
what
that
could
mean
for
us
Sandra.
F
F
Further,
the
question
of
human
rights
and
civil
liberties
in
the
course
of
the
internet
design
process
was
introduced
first
as
a
joke
by
Vint
Cerf,
who
has
added
this
question
of
life:
liberty
and
the
pursuit
of
happiness
fairly
early
on
making
fun
of
the
whole
possibility.
But
of
course,
surely
it
was
realized
that
actually,
these
were
really
fundamentally
important.
F
Issues
for
the
design
community
I
want
to
put
what
we're
talking
about
here
within
the
general
political
and
legal
context,
we're
undergoing
transformation
in
law,
State,
Society
relations
that
historians
of
the
law
described
as
as
profound
in
terms
of
their
importance
as
what
we
experienced
at
the
Westphalian
moment
several
hundred
years
ago,
when
the
international
system
of
states
was
first
formed.
In
other
words,
historians
of
the
law
and
political
scientists
believe
that
we
are
at
a
sort
of
500
year
rhythm
of
profound
transformations
in
the
nature
of
our
political
and
legal
systems.
F
That
includes
a
growing
tension
between
geopolitical
citizenship
and
what
I
have
called
in
a
publication:
networks,
citizenship
and
I'll-
be
referring
to
that
concept.
As
we
go
through
today,
I
we
have
what
I
described
as
an
informational
state.
That
is
a
form
of
state
that
preferences,
informational
power
over
power
and
it's
instrumental
form
I'm
hitting
you
over
the
head.
F
It's
structural
forms,
I'm,
shaping
the
institutions
and
rules
that
you
follow
and
symbolic
forms
I'm
persuading
you
how
to
think,
but
as
the
informational
state
evolves,
it
becomes
less
and
less
confident
about
what
its
identity
even
is.
When
you
look
at
the
Talon
manuals,
which
are
places
where
the
international
legal
scholars
have
looked
at,
how
existing
international
law
applies
to
cyber
crime
and
cyber
warfare,
they
have
moved
to
the
concept
of
emanations.
They
are
never
sure
when
informational
network
presences
outside
of
the
geopolitical
boundaries
are
actually
those
of
the
state
or
not.
F
So
as
we
become
more
and
more
informational,
II,
intense
and
network
reliant,
the
very
identity
of
the
state
as
a
functional
entity
is
coming
into
increasing
question.
We
are
seeing
the
appearance
of
new
policy
principles,
and
the
first
that
has
become
evident
to
me
is
the
right
not
to
know
we've
seen
it
for
the
state.
Again.
When
you
look
at
international
laws
of
warfare,
States
prefer
increasingly
not
to
know
what's
going
on
in
their
networks,
because
then
they
have
a
kind
of
responsibility
for
that
they
would
prefer
not
to
have.
F
We
have
that
at
the
individual
level
as
there
as
the
right
to
be
forgotten,
and
it's
just
worth
pointing
out
here
that
we
have
us.
We
have
certain
human
rights
principles
that
we
have
assumed
for
hundreds,
even
in
in
some
cases,
a
thousand
years
to
be
fundamental
to
how
we
are
as
humans,
but
we're
also
seeing
new
principles
appearing,
and
we
need
to
keep
an
eye
out
for
those
and
think
about
what
they
mean
for
those
with
which
we
are
most
familiar.
F
It
is
becoming
more
difficult
to
identify
what
is
even
the
subject
of
the
law
in
the
digital
environment.
So,
on
the
one
hand
we
have
this
growing
body
of
robot
law
and
actually
serious
discussions
of
treating
BOTS,
whether
materially,
embodied
or
not
as
legal
subjects,
and
you
have
the
question
which
they'll
WikiLeaks,
the
Chelsea
Manning
trial,
brought
to
our
attention.
F
The
problem
of
how
you
deal
with
a
unit
like
an
autonomous
network
in
the
government,
the
US
government's
case
in
the
Manning
trial,
actually
put
forward
a
number
of
different
ways
of
thinking
about
WikiLeaks
as
a
legal
subject
that
ranged
from
the
obvious
the
biological.
It's
like
it's
like
an
onion
with
with
a
number
of
layers.
So
at
the
center
you
have
the
biological
entity.
F
We
understand
Julian
Assange,
Chelsea
Manning,
but
at
the
outer
rim
the
US
government
actually
got
a
court
to
sign
off
on
treating
anyone
who
had
looked
at
Twitter
about
WikiLeaks,
maybe
because
you
were
just
curious
as
a
member
of
WikiLeaks
I'm,
legally
responsible
for
everything
that
happened.
They
haven't
acted
on
that,
but
they
put
that
definition
of
WikiLeaks
forward
in
terms
of
who
is
involved
with
what
went
on
as
and
should
be
legally
subject
to
of
legally
accountable
for
it.
F
F
If
the
oldest
solar
pool
in
a
seminal
book,
I
still
highly
recommend
in
1983
pointed
out
that
predicted
that,
as
the
legal
systems
converged
in
its
necessary
response
to
the
governance
of
technologies,
it
was
likely
that
the
most
repressive
elements
of
each
system
would
be
the
ones
that
dominated,
and
in
fact
that
is
what
we
are
seeing
to
put
it
mildly.
We
are
having
this
conversation
today
during
a
period
in
which
human
rights
are
under
extreme
and
intensifying
threat.
F
Among
the
things
that's
going
on,
though,
is
a
movement
away
from
the
facts
as
the
basis
for
decision-making,
political
and
legal
decision-making,
and
so
that's
that's
very
important
from
the
human
rights
perspective
about
2005
the
FBI
in
the
u.s.
got
into
trouble
because
under
the
USA
PATRIOT
Act,
it
was
identifying
targets
of
surveillance
on
the
basis
of
what
turned
out
to
be
bad
information
from
a
criminal
information
database
and
when
confronted
with
the
problem,
the
Congress
actually
gave
FBI
the
right
to
target
individuals
for
surveillance
on
the
basis
of
no
information
at
all.
F
That
was
the
solution
to
the
problem.
We
have
seen
the
growth
of
what
I
call
evidence
averse
policymaking,
since
the
1970s
actually
and,
of
course,
under
the
current
administration,
that
has
that
trend
has
been
profoundly
exacerbated
in
that
kind
of
context.
Whether
or
not
personal
information
is
leaking
becomes
frankly
irrelevant
irrelevant.
There
are
other
things
identifying
people
who
are
of
interest,
so
the
research
that
I'm
presenting
a
few
bits
from
today
was
funded
by
the
US
National
Science
Foundation.
F
The
question
was
how
technical
decision-makers
for
the
internet-
you
folks
thought
about
legal
in
policy
and
it
turned
out
political
issues
in
the
course
of
the
design
process.
It
was
not
only
to
me
martien
upside
down,
but
in
a
mirror
it
was
since
I'm,
not
a
computer
scientist
I
did
have
computer
scientists
advising
me
as
I
went
along
and
I've
been
very
pleased.
I
must
say
in
the
years
I've
been
presenting
this
at
the
number
of
people
within
your
community
who
have
found
themselves
very
interestingly
reflected
so
I'm
always
pleased
open
to
critique.
F
Policy
issues
showed
up
very
early
I'd
like
to
show
you
a
bit
of
what
you
you're
thinking
looks
like
from
the
perspective
of
a
legal
scholar
and
a
policy
analyst
security
shows
up
in
1970
by
1971,
there's
already
talking
about
commercialization
of
the
Internet
already
talking
about
access
to
the
network
and
in
rural
areas,
the
malicious
environment,
of
course,
and
internationalization
by
1972
they're.
Already
talking
about
environmental
and
energy
problems,
1973,
we
get
the
need
for
user
authentication
and
spam.
F
There
are
there's
a
lot
of
attention
to
policymaking
within
the
RFC's.
There
are
announcements
of
positions.
This
is
what
Internet
telephony
is.
There
was
an
effort
to
say
that
wiretapping
was
outside
the
scope.
This
was
during
the
Vietnam
War
era
and
there
were
a
number
of
very
strong
political
statements
before
the
arsy
process
became
so
formalized
about
whether
or
not
people
involved
in
the
design
process
should
be
serving
the
goals
of
the
US
government.
So
they
did
establish
policy
positions,
they
treat
they.
F
You
treat
general
legal
issues
like
fraud
and
privacy
is,
from
the
beginning
the
most
frequently
discussed
policy
issue,
although
privacy
is
also
a
good
example
of
why
I
did
an
inductive
reading
rather
than
using
a
computerized
textual
analysis.
I
found
actually
18%
of
the
documents
dealt
with
had
the
word
privacy,
but
6%
of
those
were
actually
spurious
references.
If
you
were
reading
for
actual
discussion
of
privacy
issues,
it's
other
terminology
hide
your
input,
other
kinds
of
things,
and
so
I
really
believe
that
in
this
terrain,
that
computerized
analysis
is
very
iffy.
F
The
subject
matter
keeps
changing.
The
language
keeps
changing
and
so
forth
and,
of
course,
there
was
attention
to
Internet
specific
legal
issues.
There
are
responses,
direct
responses
to
US
law.
It
was
a
comment
about
something
that
was
sought
technically
but
may
not
have
been
possible
under
the
existing
regulatory
environment
in
the
u.s..
At
that
point,
references
to
cryptic
cryptographic,
specifications
under
national
security
law
in
the
US
and
responses
to
laws
of
other
countries.
It
was
the
Canadian
government
that
showed
up
in
the
RFC
process.
F
F
Deductive
analysis:
you
start
with
your
hypothesis.
You
have
a
theoretically
based
idea
about
what
you
expect
to
find,
and
then
you
develop
methods
and
indicators
for
how
to
find
that
out
and
then
verify
or
support
your
hypothesis
or
find
you
must
discard
it
or
change
it
in
an
inductive
reading.
You
are
reading
and
learning
the
concepts
from
the
text,
so
you're
building
theory
from
the
text
up
interpreting
the
concepts
from
the
text
up
rather
than
walk
in
with
concepts
in
your
head
in
a
preconceived
manner.
Thank
you.
F
There
is
policy
analysis
that
takes
place
in
the
RFC.
So,
of
course,
there's
a
lot
of
technical
background
for
the
network
neutrality
debate.
This
is
one
of
my
kind
of
pet
peeves
in
the
network,
neutrality,
environment,
all
the
social
scientists
and
activists
and
advocates
who
are
asking
Internet
designers
to
think
about
fairness.
Of
course
you
have
been
thinking
about
fairness.
F
All
the
way
along
the
problem
is
that
every
door
you
open
is
a
door
that
is
shut
and
it's
very
complicated
to
figure
out
who's
going
to
win
and
who's
going
to
lose
and
how
to
balance
it.
So
this
is
an
example
of
an
area
in
which
I
think
that
those
working
in
the
political
and
legal
environments
around
network
neutrality
could
gain
a
lot
from
exposure
to
the
kind
of
thinking
that
you
all
have
put
into
this
area.
I
have
a
journal
article
about
to
come
out
on
that.
F
We
have
some
response
to
the
spam
law
from
Congress
that
simply
didn't
the
US
Congress
that
simply
didn't
work
for
technical
reasons.
Again
an
example
of
why
people
and
the
political
and
legal
environments
should
be
paying
much
more
attention
to
and
know
much
more
about
how
the
network
really
operates
in
order
for
the
law
to
even
make
any
of
their
legal
efforts
to
make
any
sense
you
do
find
in
the
RFC
support
for
people
who
are
critical
of
the
internet
design
process.
F
There
was
very
little
on
disability,
elder
issues,
they're
not
mentioned
at
all,
but
there's
also
a
lot
of
evidence
that
couches
critics
I
gave
the
example
of.
Are
you
thinking
about
fairness?
Yes,
you
are,
and
always
have
been,
but
another
example
is
the
criticism,
in
my
view,
is
the
criticism
on
the
language
front,
which
was
understood
to
be
a
human
rights
related
issue
very
very
early
on.
It
is
simply
that,
as
you
all
know,
better
than
I,
there
are
a
number
of
technical
problems
that
have
to
be
solved
in
order
to
meet
that
policy
goal.
F
F
1969
to
1979
is
actually
far
more
sophisticated
and
nuanced
than
we
have
been
seeing
up
until
the
point
of
differential
privacy
is
to
move
forward,
but
is
otherwise
much
more,
even
in
that
decade,
sophisticated
and
nuanced
than
what
we're
seeing
in
the
social
science
or
the
legal
or
the
political
environments.
Another
case
in
which
the
legal
people
can
learn
from
you.
You
engage
in
policymaking.
What
is
the
policy
subject?
You
of
course
develop
your
decision-making
procedures
established
implementation
programs.
You
are
a
venue
for
conflicts
and
conflict
resolution.
Again
you
all
know
much
more
about
that.
F
F
There
are
over
70
rfcs
that
talk
about
jurisdiction,
which
is
the
legal
question
of
in
what
territory
the
laws
of
a
particular
entity
apply,
and
increasingly
it's
clear,
of
course-
and
this
is
what
I
meant
by
the
emanations
of
the
state
reference-
it's
increasingly
clear-
that
the
identity
of
networked
citizenship
and
that
of
geopolitical
says
Gipp
are
becoming
detached
from
each
other,
offering
new
political
opportunities,
perhaps
I,
think
you're.
Early
attitudes
towards
users
are
important
in
the
sense
of
if
you're
thinking
about
human
rights,
who
are
the
entities
about
whom
you
would
be
concerned.
F
So
it
was
interesting
to
see
that,
of
course,
the
goal
was
all
comers
and
to
expand
usage
from
the
beginning.
But
then
new
users
are
also
cranky
and
have
new
demands
and
create
new
problems
because
they
don't
know
what's
going
on.
There
was
an
expectation
from
the
beginning
that
users
would
be
heterogeneous
across
multiple
dimensions,
but
the
understanding
of
the
user
always
tended
to
be
the
computer
scientists
involved
with
the
process,
and
it
was
interesting
to
see
that
they
were
the
first
social
science
done
on.
F
Internet
use
was
actually
done
in
the
1970s
by
a
computer
scientist
on
computer
science,
doctoral
students,
I'm
going
to
forget
which
the
UC
institutions
it
was
I
would
have
to
call
that
naive,
social
science.
There
is
a
difference
in
the
training
involved,
so
user
practices
were
seen
as
a
source
of
design
problems.
On
the
other
hand,
user
groups
have
been
influencing
design
decisions
even
from
very
early
on
early
distinctions
among
types
of
users
of
benign
versus
the
malicious,
of
course,
by
73.
F
The
network
had
already
been
brought
down
once
by
high
school
students
concerns
about
technical
insiders
and
outsiders,
but
this
one
is
I
think
of
particular
importance
from
the
human
rights
perspective.
I
was
fascinated
to
see
very
early
on
the
distinction
between
human
users
and
demon
users.
The
word
demon
is
used
in
the
RFC's.
The
concept
of
the
demon
comes
from
ancient
Greece
and
then
was
used
in
the
medieval
period
to
refer
to
sources
of
agency
things
that
can
act
that
are
neither
human
nor
divine
in
nature.
F
F
When
humans
were
taken
into
account,
it
was
often
grudgingly,
although
when
humans
needed
to
be
taken
into
account,
they
found
that
it
expanded
the
kinds
of
functions
that
were
designed
in
in
ways
that
were
useful
for
demons
as
well.
There
was
bemusement
about
human
preferences.
Can
you
believe
it
that
humans
want
to
be
able
to
remember
an
Internet
address
a
URL
kind
of
thing
and
and
concerned
that
they
couldn't
stop
humans
from
using
things
that
actually
were
set
up
for
the
technologies
to
use
uses?
It's
worth.
F
Many
of
you
been
a
part
of
the
process
for
a
long
time,
but
I
hear
a
lot
of
references
to
assumptions
made
about
what
people
were
thinking
about
in
the
early
years.
It
was
expected
very
early
on
that
we
would
be
using
the
Internet
and
every
domain
of
what
we
do
socially.
It
was
assumed
that
anybody
who
came
on
to
the
net
to
use
it
for
one
thing
was
inevitably
going
to
go
on
and
use
it
for
other
kinds
of
things.
That
was
already
vividly
evident.
F
They
were
aware
that
each
technological
innovation
would
bring
new
uses.
A
wide
range
of
uses
by
government
came
up
early
on
including
government
in
about
72.
The
weather
system
was
the
first
one
that
they
tried
to
deal
with.
Has
a
very
complex
and
global
problem.
Commercial
uses
again
discussed
already
in
the
early
70s
included.
This
range
I
decided
to
treat
the
design
criteria
as
if
they
were
policy
principles.
F
I
was
in
a
sense,
reading
the
RFC's
as
equivalent
to
constitutional
documents
that
wasn't
original
with
me,
but
mapped
on
to
my
own
research
history,
which
does
include
reading
massive
numbers
of
Supreme,
Court
decisions
and
so
forth.
So
among
there
were
additional
ones,
but
in
terms
of
those
that
are
particularly
pertinent
to
human
rights
design
principles,
design
criteria
that
we
can
treat
as
policy
principles
from
the
first
decade
alone
include
user
democracy.
The
effort
to
really
serve
all
kinds
of
users,
whether
technical
or
not,
whatever
their
interests
wherever
in
the
globe.
F
The
desire
to
have
telepresence
distant
and
distributed
computing,
which
is
important
in
terms
of
equity,
of
access
to
resources,
access
to
information
and
freedom
of
expression
and
privacy
as
an
enduring
key
concern.
These
are
some
of
the
human
rights
implications
that
I
believe
derived
from
are
suggested
by
these
kinds
of
design
criteria
and
I.
Think
the
HR
PC
for
the
provocation
I'll
do
some
writing
to
address
that
direct
translation
and
I
will
be
entering
the
text
process
within
the
RFC's
on
these
kinds
of
points.
F
Where
does
that
leave
us
in
terms
of
what's
going
on
today?
Privacy
still
the
most
discussed
human
rights
issue?
It's
widely
recognized
that
the
Internet
is
fundamentally
important
for
human
rights,
such
as
freedom
of
expression
and
I,
laud,
the
formation
of
the
HR
PC,
but
by
now
I've
been
arguing
this
in
the
in
the
non-technical
environment
as
well,
but
the
rights
of
concern,
for
you
are
socio
technical,
not
just
technical
and
by
socio
technical
I
mean
that
we
are
now
living
in
a
world.
F
I
actually
think
it's
a
it's
a
moment
of
species
change,
but
we're
living,
which
is
far
shy
of
the
singularity.
There
are
moments
of
species
change
without
going
that
far,
so
we
are
unable,
at
this
point
in
many
ways
to
think
about
what's
going
on
in
social
systems
without
thinking
about
what's
going
on
in
technical
systems
and
vice
versa,
your
interest
in
the
socio
technical,
rather
than
just
the
technical
or
just
the
social,
actually
is
there's
resonance
with
that
on
the
legal
side.
So
in
the
u.s.
F
We
are
seeing
the
evolution
of
robot
law
where
about
ten
years
into
serious
thinking
by
legal
scholars
about
how
to
develop
law
that
treats
robots
even
as
legal
subjects.
This
is
of
deep
concern
from
a
human
rights
perspective.
I
can
identify
this
as
a
trend,
but
we
need
to
think
about
then
what
it
is
to
be
human
and
what
what
we
need
to
protect
in
the
human
and
how
we
can
protect
the
human
and
what
is
no
longer
just
a
human
environment
but
a
socio
technical
environment.
F
The
technology
is
yes,
Marshall
McLuhan
are
extensions
of
us,
but
we
aren't
yet
there
in
terms
of
understanding
all
of
what
that
means
for
human
rights.
I've
been
trying
to
think
about
what
the
socio-technical
is
for
those
of
you
within
the
architecture
and
design
community
and
there's
a
sense
in
which
you
could
say
that
the
code
is
as
the
would
would
be,
to
a
woodworker
and
that's
true:
it's
your
material,
the
material
that
you
work,
but
in
your
case,
because
it's
all
about
mathematics,
really.
Your
medium
is
complexity
itself.
F
Human
complexity
itself-
and
that
is
the
biggest
challenge
you
could
imagine
humans
ever
being
presented
with
code-
is
law
in
the
sense
that
it
does
have
structural
constitutive
effect.
But
it's
also
not
law
in
the
sense
that
there's
enormous
variance
across
diverse
autonomous
systems
and
within
sub
networks,
it
can
be
changed
or
affected
by
a
lot
of
different
kinds
of
entities.
Middleboxes
are
your
current
issue
and
politics
still
matters.
F
So
what
I
mean
here
is
that
when
we
make
the
law,
we
have
the
hope
that
it
will
provide
general
principles
that
will
at
least
apply
in
a
somewhat
stable
manner
until
we
in
a
reasoned
and
measured
manner,
decide
to
change
those
rules
in
the
code
environment.
Things
can
change
very
quickly,
whether
by
will
and
whether
positively
or
through
malicious
goals,
you
can
have
sub
environments
in
which
things
operate
very
differently,
but
the
bottom
line
is
about
politics
because
well
not
information
is
leaked,
only
matters
if
that
information
is
used
for
repressive
purposes.
F
If
no
one's
looking
for
me
to
throw
me
into
jail
because
they
don't
like
what
I
say
about
a
president
of
the
United
States,
then
there
is
in
the
abstract
a
concern
about
information
leaking.
There
might
be
commercial
concerns
if
there's
danger
of
financial
harm,
but
a
lot
of
it
won't
matter
what
matters
is
the
political
will
and
no
matter
what
you
do
on
the
technical
front,
you
can't
you
aren't
in
the
technical
world
alone
going
to
be
able
to
solve
the
problem.
A
political
will.
F
My
reading
of
the
technical
environment
is
that,
if
working
on
the
privacy
problem,
for
example,
is
a
is
a
whack-a-mole
problem
with
every
new
technology,
you
have
the
new
issue
of
trying
to
prevent
information
leakage.
That's
going
to
keep
on
moving
you're,
never
going
to
be
able
to
stop
that
moving
and
and
wherever
you
put
in
a
barrier,
it
will
be
possible
to
put
in
a
workaround.
So
it's
a
never-ending
process.
F
Unfortunately,
the
law
is
not
the
law
either
in
the
sense
that
whatever
is
in
the
text,
gets
interpreted,
gets
implemented,
and
the
question
of
whether
or
not
evidence
has
even
taken
into
account
our
current
issue
in
the
u.s.,
let
alone
what
kinds
of
evidence
are
used
really
matter.
You
can
get
completely
different
outcomes
from
the
same
legal
text
than
the
same
legal
systems.
Germany
saw
that
in
the
1930s
the
u.s.
is
going
through
that
right
now
and
the
law
can
change
it
surprisingly
quickly,
as
we
are
learning.
F
So
it
is
important
to
take
human
rights
concerns
into
the
into
account
during
the
design
process
from
the
bottom
up,
but
I
think
that
cross-training
of
legal
and
technical
communities
is
absolutely
essential.
One
of
the
primary
motivations
for
my
doing
this
research
was
to
at
minimum
provide
course,
materials
for
those
required
ethics
courses
and
computer
science
departments
that,
in
as
far
as
I
can
have
been
able
to
tell
are
largely
taught
by
somebody.
F
F
The
easy
example
in
building
architecture
is
the
arch
that
goes
over
a
doorway
which,
in
early
efforts
to
build
arches,
that
triangle
was
needed
in
order
to
make
the
thing
hold
up.
We
learned
more
about
engineering
and
no
longer
need
that
triangle,
but
we
have
kept
that
triangle
for
all
kinds
of
aesthetic
purposes
in
my
reading
of,
what's
going
on
with
our
national
governments,
much
of
what
goes
on
in
terms
of
how
the
structure
looks,
my
line
is
much
of
how
we
talk
about
it,
how
we're
taught
about
it,
how
the
media
talk
about.
F
It
is
looking
where
the
magician's
hand
is
going
and
not
where
the
game
actually
is.
Those
legal
structures
are
often
now
spam,
drills
being
used
for
purposes
quite
other
than
those
through
which
they
were
originally
designed,
and
the
same
thing
is
true
for
many
of
our
laws.
Therefore,
well
it
it,
we
are
certainly
experiencing.
F
Extremely
important
political
moves
by
national
governments,
it
is
I'm
not
utterly
convinced
that
those
are
matters
of
states
as
opposed
to
other
kinds
of
entities,
other
kinds
of
associations
and
relationships.
The
opportunity
that
offers
those
of
us
who
are
also
networked
citizens
is
to
take
advantage
of
autonomous
systems
and
various
kinds
of
independent
and
community
based
networks
to
formulate
new
operating
environments
that
do
protect
the
human
rights
and
values
about
which
we
are
most
concerned.
I
shared
with
someone
before
I
start
speaking
that
I
am
humbled
by
the
question.
F
These
are
the
eight
publications
that
are
so
far
out
there.
There
are
two
more
that
are
about
to
go
out
the
door
and
another
half
dozen
on
the
way
you
can
find.
If
you
have
anything
you'd
like
to
chat
about
full
text.
So
many
of
the
publications
are
up
on
the
website
and,
if
you're
interested
in
the
theoretical
and
conceptual
frameworks
within
which
I'm
approaching
this
there
are
other
works
as
well.
So
thank
you
for
your
time.
I.
A
H
H
One
of
the
things
in
your
presentation
mentioned
jurisdictional
issues
and
I
think
that
something
that
we've
been
struggling
with
a
lot
in
terms
of
how
do
we
conceive
of
the
work
that
we're
doing
and
I'm
curious?
If
you
had
any
thoughts
about
network
protocol
design
in
general
as
a
as
a
sort
of
lowest
common
denominator,
given
its
ability
to
span
jurisdictions
or
as
a
homogenizing
force
or
what
the?
What
the
implications
are
for
protocol
designers
due
to
the
cross
jurisdictional
nature
of
our
work.
F
I'm
glad
there'll
be
notes
because
I'm
gonna
take
these
those
provocations
for
further
research,
but
I
would
I
I'd,
like
your
approach
to
that.
I
would
really
point
you
if
you're
curious
about
the
very
edge
of
the
jurisdictional
problem,
I
do
think
it's
in
the
cybersecurity
realm
or
actually
at
this
point
states
are
saying
when
I
want
to
claim
it's
mine,
I'll
claim
it
and
when
I
don't
want
to
claim
exactly
the
same
thing
as
mine,
I
won't
claim
it.
That
gives
a
lot
of
freedom
in
a
certain
kind.
I
I'm
John
Levine,
so
I
guess
I'm
going
to
ask
the
same
question.
I
always
ask
if
I
look
at
the
Universal
Declaration
of
Human
Rights,
it
has
30
articles
and
we've
been
talking
primarily
about
privacy
and
and
freedom
of
expression,
which
is
two
articles,
but
there's
28
more
and
I
mean
particular
there's.
There's
there's
one
about
freedom
from
attacks
on
I
forget
its
integrity
in
personal
for
a
personal
honor,
okay,
which
on
the
internet,
is
a
big
thing.
I
You
know
and
has
some
tension
with
freedom
of
speech
and
freedom
of,
and
privacy
and
I
never
hear
anybody
talk
about
this,
and
so
well,
not
at
all
minimizing
the
stuff.
The
people
that
the
people
do
talk
about.
You
know,
if
you
look
through
there's,
also
freedom
from
arbitrary
deprivation
of
property.
I
F
I
am
new
to
the
HRP
see.
This
is
my
first
eruption
within
this
group.
So
that's
a
question
for
the
group,
but
I
would
agree
with
you
that
those
matters
should
be
included.
One
that
I
pointed
to
this
week
also
is
access
to
information.
There
is
some
pushback
on
that.
In
terms
of
does
that
mean
everyone
should
have
internet
access
actually
under
US
law,
everyone
should
have
internet
access,
whether
the
community,
even
if
it's
at
the
community
level,
rather
than
individuals
so
I,
would
agree
with
the
point.
Okay,.
J
Steamboats,
alright,
thanks
again,
though,
I
think
this
worked
quite
interesting.
If,
if
you
were
able
to
send
some
links
on
to
the
mailing
list
of
about
those
kinder,
essentially
would
find
it
quite
interesting
if
you,
if
you
had
a
chance
to
do
that
later
and
so
I
had
one
kind
of
small
question.
Is
you
kind
of
make
us
look
very
good?
F
Because
I
could,
because
my
ability
to
analyze
the
technical
decisions
that
I
have
been
distressing
was
limited.
That
would
have
been
where
the
concern
came.
What
has
been
very
interesting?
You
know
you
guys
are
all
about
cold,
but
but
if
you
step
back
in
terms
of
the
sociology
of
knowledge
you
spent
you
know,
you
spend
your
time
talking
about
texts
and
documents,
not
a
you
know
in
a
sense
not
about
code
I,.
F
What
has
surprised
me
this
week,
so
it's
not
within
the
text
or
within
this
research
that
I
saw
it,
but
the
I
have
been
actually
shocked
this
week
by
some
of
the
conversations
I've
heard
in
which
very
fundamental
legal
and
rights
related
issues
have
been
completely
invisible
to
the
designers,
but
so
available
that
with
one
sentence
all
of
a
sudden,
it
was
seen.
So
if
it's
one
sentence
away
from
visibility,
why
can't?
F
K
It's
just
that,
even
when
you
have
examples
like
RFC,
4096
and
the
you
know,
tagging
spam
and
the
subject
header
even
the
issue,
there
is
well
computers,
aren't
going
to
make
very
simple
sense
of
this
and
anything
else
we're
trying
to
get
humans
to
understand
that
it's
really
kind
of
a
problem.
Beyond
that
I
understand.
F
K
F
Think
there's
there
are
there's
a
need
for
courses
and
shared
shared
discourse
environments
both
of
those
kinds
of
things.
The
good
news
is
that
Harvard
is
beginning
to
think
about
taking
some
leadership.
Other
institutions
have
talked
about
it,
so
I
think
we're
at
a
rising
moment
of
interest
in
that,
but
but
no
institution
has
yet
stepped
forward
to
say
we're
going
to
make
this
happen.
L
L
You
talked
a
little
bit
about
the
the
preference
of
the
daemon
over
the
human
and
you
talked
elsewhere
about
preferring
the
values
of
the
network
over
human
rights
and
so
on
and
I
wonder
if
there's
an
interesting
thing,
that's
that's
emerging
here,
I've
been
noodling
about
this
little
while
so
some
of
the
people
in
the
room
might
roll
their
eyes
when
they
hear
this
again.
But
it
seems
to
me
that
that
we're
we're
sort
of
in
that
something
is
emerging
here
that
is,
is
a
different
system
other
than
humans.
L
L
F
But
to
me
it
means
we
need
to
reconvene
rights,
given
that
they
are
so
dependent
on,
and
it
was
it's
easy
to
think
about
water
and
food
and
those
are
still
concerns.
But
now
we
have
these
other
technological
concerns
as
well,
that
are
part
of
who
we
are
as
a
species
at
this
point
differentially
across
the
globe.
Yes,
but
but
yes,
I,
think
that's
exactly
the
intellectual
and
the
political
problem
that
we
have
if
I
may
make
one
last
thought
in
reference
to
the
piece
eating.
F
Ask
me
a
new
question:
I'm
always
slow,
but
one
additional
thing
on
the
bringing
of
the
legal
and
technical
communities
together.
Is
the
translation
work
that
you
folks
who
are
in
this
group?
I
think
have
a
particular
gift
force,
so
I
have
to
say
thank
you
Niels
for
the
amount
that
I
have
learned
in
terms
of
how
to
understand
issues
that
you
were
discussing
here
this
week
from
a
human
rights
perspective.
Having
a
translator
was
enormous
ly
important,
so
translation
would
be
the
third
piece
of
that
education,
shared
discourse,
communities,
translation.
G
This
is
Alison
relaying
from
jabber
the
person
wrote
big.
The
current
biggest
threat
to
Internet
privacy
and
human
rights
are
goog,
FB,
etc
and
their
business
models.
How
do
we
fight
that?
And
what
can
this
group
realistically
do
about
it
and
I
think
what
the
question
is
is:
do
you
have
a
perspective
on
how
we-
and
we
were
thinking
about
the
rights
aspects
of
that
yeah.
F
When
it
I
do
think
that's
where
the
law
has
an
opportunity,
because
in
my
view,
we
are
going
to
be
unable
to
constrain
political
actors
with
the
law
they're
going
to
do
what
they
want
to
do
and
that's
why
it's
a
political
struggle,
not
a
technical
or
a
legal
struggle.
But
when
it
comes
to
what
corporations
do,
I
would
still
like
to
believe
that
the
law
makes
a
difference.
So
that's
where
the
battles
are.
E
M
M
M
We
first
started
just
by
analyzing
the
affordances
of
the
internet
architecture
to
towards
freedom
of
association
and
assembly,
but
when
we
started
doing
more
and
more
research,
we
wondered
if
the
internet
itself
was
an
association
and
what
were
the
consequences
of
this
in
terms
of
international
human
rights
law.
So
this
is
what
I
will
be
talking
about
a
little
bit
today.
Next,
please
so
it's
important
to
say
that,
as
part
of
our
methodology,
we
try
to
cover
the
most
typical
uses.
M
It's
not
super
exhaustive
and
we
tried
focusing
at
only
at
the
infrastructure
layer
and
we
did
not
cover
the
application
layer
at
all,
because
it
is
the
IDS
indeed.
Next,
please
so
in
just
very
quickly.
International
law
protects
collective
expression,
either
a
female's
temporal
or
gatherings
or
organizations
the
difference
between
assembly
and
association.
It's
merely
a
question
of
degree.
One
is
Association,
is
more
formal,
think
about
NGOs.
Think
about
unions,
trade
unions,
whereas
assemblies
are
gatherings,
usually
protest
sittings.
M
These
kinds
of
things
next,
please,
but
it
is
very
important
to
stress
out
from
international
law-
is
that
what
international
law
protects.
It's
actually
the
freedom
to
join
an
association
it
actually
in
international
law,
also
says
peaceful
purposes.
It
is
very
interesting
to
delve
into
that,
because
this
has
been
abused,
saying
that
some
gatherings
are
not
peaceful.
Therefore,
they
are
prohibited.
I
think
it's
very
interesting
to
expand
on
this
further
on
this
draft.
M
We
haven't
done
something
yet,
but
I
would
love
to
hear
your
comments
about
it,
but
back
on
the
freedom
aspect,
it's
very
important
because
no
one
can
be
forced
to
either
join
but
stay
or
leave
an
association.
It
is
it's
exactly
that
a
freedom
itself
next,
please
so
the
ITF
itself
defined
by
RFC
3233
as
an
open,
global
community
of
network
designers,
it's
an
assembly
itself
and
even
an
association
if
we
take
into
account
the
rather
formal
nature
of
it.
M
Next,
please
RFC's
are
possible
because
of
the
collective
expression
that
freedom
of
association
and
assembly
allow
and
even
the
world.
The
word
protocol
finally
swage
language
of
computer
networking
based
on
a
need
to
just
have
an
agreement
among
users
right
I.
So
just
this
just
to
give
context
and
meaning
to
what
Association
is.
These
are
not
merely
words.
These
are
things
that
have
an
impact
on
our
daily
lives
as
edge
users,
but
also
they
have
impacts
on
the
ITF
itself.
So
now
we're
wondering
what
impacts
are
these
rights
having
on
internet
architecture
and
vice
versa?
M
Right
next,
please.
So
we
mapped
out
a
lot
of
cases
and
examples
I
think
it's
not
necessarily
worth
going
through
each
and
every
one
of
them,
but
it's
very
interesting
to
approach
these
cases
by
thinking
about
the
freedom
perspective,
because,
as
I
said
and
I
want
to
say
it
again,
it
is
indeed
of
freedom
so
reaching
out.
M
So
this
is
first
Association
as
well,
and
then
recently
we
developed
this
argument
about
autonomous
systems,
because
in
order
for
edge
users
to
connect
to
the
internet,
they
need
to
pass
through
an
intermediary
that
provides
them
the
access
to
other
networks.
So
for
users
to
be
able
to
join
the
network
of
networks,
they
have
to
connect
and
accept
the
policies
of
an
other
system,
and
maybe
they
do
not
even
consent
with
them
or
are
not
even
aware
of
them.
M
So
we
were
thinking
that
this
is
also
a
form
of
forced
Association
and
it
is
not
trivial
for
a
net
user
to
connect
to
his
network.
A
network
of
networks
I
mean
not.
Everybody
has
all
this
technical
knowledge
and
privilege
of
free
time
to
get
on
on
onto
this
perspective
itself.
Next,
please
another
question:
I
was
just
calling
a
research
right
through
is
which
model
is
better?
M
Is
it
better
for
freedom
of
association
at
the
infrastructure
layer
to
be
centralized
or
decentralized
decentralized,
Enver
ceilings,
architecture,
sure
they
protect
them
in
anonymity
and
privacy,
but
at
the
same
time,
centralized
solutions
also
enable
people
to
group
together
and
reinforce
identity
issues
and
make
some
groups
more
visible.
So
if
we
were
thinking
about
standardizing
either/or,
which
one
could
be
the
better
answer
or
is
there
no
better
answer
answer
at
all.
K
M
D
M
But
it's
definitely
a
discussion
that
might
be
worth
pointing
towards
too
and
taking
again
to
see
what
we
can
pull
out
from
there
and
think
about
the
human
rights
impact
of
these
standard
stations
and
drafts.
So
then
we
come
to
my
favorite
point.
Is
the
internet
itself
an
association
or
assembly?
And
what
does
this
mean
in
terms
of
in
terms
of
human
rights?
M
Next,
please,
if
you
think
about
it
in
the
offline
space,
whether
you
are
going
to
a
pub
or
a
protest,
it's
all
about
networks,
it's
all
about
the
people,
you
know
and
the
people
that
the
people
you
know
know
in
turn,
so
networks
and
associations,
even
at
a
linguistical
level,
are
very
closely
related,
interconnected
groups
and
assemblies
of
people.
They
depend
essentially
on
this.
We
are
all
linked
either
again
offline
or
online.
So
if
the
Internet
is,
is
an
association
does
it?
M
Does
this
mean
that
every
network
is
an
assembly
so
they
can
implement
their
own
rules,
say
censor
anything
they
want
because
they
have
that
protection
itself,
or
do
we
have
to
give
more
importance
to
a
larger
assembly,
the
network
of
networks
that
prevails
over
all
the
other,
smaller
ones?
We
discuss
this
back
and
forth
several
times
next,
please
and.
M
We
did
conclude
that
the
Internet,
when
we
dare
to
conclude
I,
would
love
to
discuss
this
further,
but
I
just
love
this
idea,
because
I
think
it
could
take
us
to
really
interesting
consequences.
If
the
Internet
is
made
up
of
interconnected
autonomous
systems,
then
that
is
an
association
and
an
assembly
itself.
So
even
if
they
are
private
autonomous
systems,
they
have
public
consequences,
so
they
have
to
be
certain,
so
they
have
to
be
subject
to
certain
rules
and
I.
M
So
if
the
Internet
is
an
association,
it
should
be
protected
at
such
and,
as
I
said,
all
the
other
rights
that
stem
from
that
should
be
protected
as
well.
Next,
please
so,
yes,
the
internet
impacts,
the
ability
of
people
to
exercise
their
freedom,
special
emphasis
again
on
freedom
of
assembly
and
Association,
and
the
Internet
in
itself
is
a
form
of
assembly
and
socia
an
association
and
should
be
protected.
As
such,
we
still
have
to
figure
out
much
more
technical
details
and
how
these
two
worlds
are
going
to
combine.
M
A
You
very
much
I
want
to,
as
the
line
starts
to
develop
and
before
we
get
to
the
adoption.
I
wanted
to
just
see
a
quick
hand.
Show
of
the
people
who
have
read
read
this
draft
fairly
good.
Okay,
thanks
more
more
than
I
want
to
count
it.
Okay,
I'll
go
to
the
line.
Please
make
sure
you
give
your
name
as
you
start
to.
F
Speak
Sandra,
Bremen,
Texas,
A&M
University.
Thank
you,
geez
laughs,
for
taking
down
this
path.
I
see
that
you
and
I
have
actually
come
to
the
same
position
regarding
an
interest
in
autonomous
systems
as
one
place
where
politics
may
be
going,
but
permit
me
to
offer
some
critiques
because
I'm
concerned
about
the
definitional
foundations
of
your
work
and
would
hate
the
whole
effort
to
fail
on
the
definitional
problem.
So
I
don't
know
a
lot
about
how
freedom
of
association
has
been
treated
in
international
law,
but
a
quick
search
shows.
It
was
largely
used.
F
It
developed
out
of
labour
concerns,
labor
organizing,
but
in
US
law,
where
that
language
comes
from
assembly
is
and
of
course
there
is
always
a
difference
between
legal
definitions
and
common-sense
definitions,
you're
relying
on
common
sense,
common
usage
definitions
assembly
in
US
law
has
to
do
with
physical
gathering.
Association
does
have
to
do
with
formal
relationships
in
an
organization
side
point,
but
an
important
one.
F
Something
to
consider
as
you
go
further
with
this
would
be
that
one
of
the
important
elements
of
freedom
of
association
in
US
law
is
the
right
to
be
anonymous
within
the
Association.
That
is,
the
government
can't
come
and
ask
you
who
your
members
are,
but
it
does
require
the
formal
relationships.
So
a
thief
breaking
into
your
house
or
a
DDoS
attack
is
not
considered
an
association.
It
doesn't
meet
the
requirements
and
nor
do
social
networks.
M
Yeah,
definitely
that's
an
amazing
point.
We
actually
try
to
get
the
International
jurisprudence
to
get
it's
much
more
abstract.
Actually,
the
u.s.
is
one
of
the
countries
that
has
more
jurisprudence
on
the
right
to
freedom
of
association
and
assembly,
also
regarding
free
speech-
and
we
discussed
a
lot
also
about
like
who
are
you-
and
this
is
beautiful
in
the
US,
your
Jewish
princess,
well,
I'm
Mexican,
so
I'm,
not
an
expert
on
you
as
yours,
Prince
or
whatsoever.
M
So,
but
who
do
you
have
the
right
to
discriminate
if
you
have
an
association
or
not,
and
what
we
did
find
and
we
could
make
we
made
a
combination,
nina
taking
international
laws
or
main
standard
was
that,
even
though
it
might
be
true
that
an
assembly
is
a
physical
gathering,
we
went
with
the
definition
of
a
temporary
gathering,
a
more
famous
one
that
is
crystallized
in
international
law,
also
because
it
has
been
recognized
that
online
and
offline
rights
are
should
be
applied
in
the
same
way,
but
I.
Thank
you
for
this,
because
I
do
believe.
M
F
Yes,
and
if
I
can
permit
one
follow-up,
your
argument
about
assembly
is
a
very
good
one.
It
would
deserve
journal
article
length
treatment
in
its
own
to
make
that
argument
as
a
as
a
necessary
step
to
make
sure
your
readers
are
understanding
what
you're
saying,
but
on
the
Association
side,
I
think
that
the
treatment
of
those
relationships
within
social
networks
and
so
on
is
still
going
to
be
very
difficult
to
defend
and
it
will
undermine
people's
reception
to
your
work.
Thank
you.
Two.
A
N
N
And
some
of
my
fears,
I
think
I
realized
by
this
slide.
Now
what
I
was
upset
about
when
this
group
is
being
formed?
Is
people
are
talking
about
rights
as
kind
of
political
rights,
and
it
ignores
the
kind
of
rights
that
Locke
called
the
laws
of
nature,
and
these
are
like
Liberty
rights
and
claim
rights
that
are
not
granted
by
an
organization
and
they're,
not
you
know,
bestowed
upon
people
for
some
societal
good.
N
These
exist
just
because
we're
human
beings,
and
one
of
those
is
the
right
to
Association
and
as
a
claim
right
in
a
Liberty
right.
There
are
no
obligations
that
I
must
hold
up
to
to
practice.
My
my
right
of
association
and,
furthermore,
the
the
idea
that
my
rights
of
Association
should
be
protected,
means
that
there's
some
group
that
has
granted
me
my
my
right
to
association
and
assembly
and
the
fear
there
is
that
you
know
something.
That's
big
enough
to
give
me
these
rights,
it's
big
enough
to
take
them
away,
and
you
know
we're.
N
We
don't
really
care
about
that
kind
of
problem
when
the
party
we
like
is
in
power,
but
when
the
party
we
don't
like
is
in
power,
we
become
neo
civil
libertarians,
so
I
kind
of
have
a
problem
with
the
fact
that
you
know
my
rights
to
assembly
and
Association
are
now
being
suborned
to
some
agency.
That
will
give
them
to
me
and
I'm
also
concerned
that,
since
things
that
are
private
have
public
consequences.
N
So
again,
this
is
sort
of
like
an
obligation
that
I'm
that
is
being
imposed
upon
my
liberty
and
claim
rights
which
I
object
to,
and
that
which
is
private
is
private
for
me
and
nobody
has
a
claim
to
that.
It
provided
that
I'm
practicing
my
liberty
and
claim
rights,
so
this
is
kind
of
stuff
that
I
was
worried
about
I.
Do
I
do
think
that
the
Internet
is
an
assembly
and
an
association,
but
I
am
alarmed
at
the
consequences
that
this
group
is
following
from
that
observation.
M
I
think
it's
definitely
non.
It's
not
a
black-and-white
issue.
I
do
believe
that,
even
though
you
have
a
right
to
Association,
there
are
limits
on
every
right.
The
freedom
of
expression
is
easier
to
talk
about,
but
there
are
certain
limits,
often
of
assembly
and
Association
as
well,
non-discrimination,
and
they
have
to
do
with
hate
speech
as
well
right
because
at
the
end
they
are
also
free
speech
issues,
its
collective
expression,
that
these
rights
are
protecting
and
I
do
think
that
we
need
to
delve
deeper
in
the
consequences
of
accepting
this
premise.
M
E
I
think
that
we
should
not
think
that
right
includes
necessary
and
authority
to
implement
it.
There
is
such
a
thing
as
distributed
governance,
which
can
also
uphold
rights,
so
even
an
absolute
right
doesn't
mean
an
absolute
authority
to
enforce
it,
which
is
a
problem
in
upholding
the
rights,
but
I
think
your
fear
that
if
we
say
it
is
an
association
and
therefore
there
are
these
rights
that
doesn't
mean
we
automatically
establish
an
organization
to
police
it
well.
L
L
Nevertheless,
I
I
think
there
is
a
problem
and,
and
it's
it's
almost
a
definitional
problem,
I
think
one
of
the
difficulties
that
you
have
here
is
that
you're
treating
the
internet
as
as
a
count
noun
and
and
that
proper
name
the
Internet
is
not
really
count
noun.
It's
it's!
It's
a
mass
noun,
the
word
the
internet.
L
So
the
reason
that
that
that
word
autonomous
is
in
the
term
autonomous
system
is
because
they
really
are
independent
networks,
they're
independent
things
that
that
wander
around
and
they
do
stuff
apart
from
one
another
and
the
fact
that
they
happen
to
interact
at
any
given
time
is
an
emergent
property
that
comes
from
the
fact
that
they
happen
to
use
the
same
protocols
that
we've
defined
here
at
the
IETF
and
that
other
people
have
defined
and
so
on.
If
that's
the
case,
then
the
obligations
that
are
in
the
last
bullet
there
just
don't
happen.
L
That
is
the
the
the
a
SS
that
happen
to
be
exchanging
at
any
one
time.
They
have
obligations
to
one
another
because
they
asserted
them.
That
is
by
using
a
given
protocol.
They've
asserted
the
the
obligations
that
come
from
using
that
protocol,
but
the
fact
that
they
don't
happen
to
implement
some
other
protocol
or
refuse
to
interoperate
with
some
other
AAS
on
the
Internet
is
not
a
problem.
That's
not
a
failure
of
their
obligation
and
that's
because
the
Internet
doesn't
have
a
complete
end-to-end
thing
from
edge
to
every
edge.
L
Instead,
the
Internet
is,
you
know
it's
its
amorphous
at
the
edges
and
that's
okay,
that's
actually
part
of
the
definition
of
it
and
I
think
that
if
you,
if
you
embrace
this
version
of
the
Internet,
you
know
it's
more
like
a
cloud
or
traffic
or
something
like
that,
then
you
don't
have
this
ability
to
say
well.
These
obligations
stem
from
this
because
in
any
given
bilateral
on
interaction
on
the
Internet,
the
obligation
might
be
there,
but
it's
not
a
transitive
property
that
carries
across
the
entire
internet.
L
That
seems
to
me
to
be
a
deep
conceptual
problem.
That's
in
the
draft
right
now
and
I'm
not
sure
that
you've
addressed
it
and
I.
That's.
That
seems
to
me
to
be
a
place
where
I
have
the
the
greatest
concern
about
the
way.
This
draft
goes
because
I
think
the
way
you
framed
it
and
tales
that
there
are
these
obligations
and
I
don't
believe
that
that's
consistent
with
the
definition
of
the
internet.
That
I
believe
is,
is
the
true
one.
Thanks.
M
I
just
I
thank
you,
for
this
is
also
well
just
defining
the
internet
itself
as
Sanders.
That
could
be
a
whole
research
paper
itself.
I
just
want
to
make
a
very
quick
note,
it's
very
different
and
regarding
both
comments
and
I,
think
it's
very
different
to
say.
Let
me
just
put
a
very
brief
example:
the
door
is
shut,
the
door
will
be
shut
or
the
door
should
be
shut
or
should
be
closed.
M
So
if
we
say
should
it
doesn't
mean
that
is
happening
in
reality,
and
it
doesn't
mean
that
it's
happening
at
a
physical
level.
It
just
means
that
it's
a
normative
level
that
could
embrace
further
protection
in
cases
of
human
rights
violations.
So
it's
just
thinking
about
that,
like
I,
just
want
to
put
that
in
also
taken
I
took
notes
on
everything
that
Joseph
said.
So
we
could
further
research
it
and
incorporate
it
into
our
drafts,
because
I
think
there's
a
more
work
to
do
regarding
this.
So
thanks
again
for
the
great
comments:
okay,.
A
Thank
you
on
the
research
group,
adoption
of
it
that
requires
sort
of
a
transform
from
from
sort
of
you
and
Neal's
owning
the
the
change
rights
to
the
group
and
I.
If
it's
okay,
I'd
like
to
take
that
question
to
the
list
as
opposed
to
trying
to
decide
it
here
at
this
point,
if
that's
you
know
fine,
with
with
the
two
of
you
I
think
it's
it's!
A
It's
a
good
discussion,
I'm,
not
sure
that
that
the
groups
ready
and
and
as
I
say,
there's
that
transform
in
sort
of
the
the
ownership
of
the
words
once
it
does
become
a
group
so
make
sure
you
really
want
what
you're
asking
for
so
thanks.
Okay,
thank
you!
Okay!
So
moving
on
to
the
next
one,
so
I'll
be
asking
that
question
on
the
list
of
about
adoption.
So
the
next
one
is
draft
and
over
H
RPC
political
Oh,
and
that's
will.
O
Right
so
good
morning,
everybody
thank
you
for
coming
here.
I've
been
making
some
changes
to
the
text
in
this
document
that
I
will
be
presenting,
but
so
the
rather
ambitious
scope
of
this
document
is
to
answer.
The
question
of
other
protocols
are
political.
It
goes
through
different
schools
of
thoughts
on
the
relationships
between
standards
and
specifications
and
moral
choices
and
the
possible
implications
thereof
on
the
IETF.
O
But
there
are
also
some
examples
where
the
morality
of
a
specific
standard
develops
over
time,
such
as
in
the
case
of
the
hypertext
Transfer
Protocol
we're
in
the
1990s.
Some
very
strong
privacy
concerns
were
expressed
in
the
RFC,
which
were
then
later
converted
into
a
kind
of
balancing
or
trade-off
between
privacy
concerns
and
possible.
Possible
uses
of
say
refers
for
security
monitoring
of
networks
or
websites.
O
O
The
changes
that
I
made
in
the
text
since
the
last
IDF
meeting
normally
concerned
competition
and
collaboration
so
going
over.
What
are
the
typical
challenges
faced
by
standards
associations?
How
are
they
financed?
How
do
you
get
a
lot
of
people
in
the
same
place
to
agree
and
also
whether
standards
associations
face
problems
with
you
know,
legal
problems,
such
as
in
competition
law
in
different
parts
of
the
world,
there's
been
some
renumber
of
different
sections
in
the
document.
O
In
section
9
that
was
formerly
section,
10
I've
made
the
drastic
decision
to
remove
references
to
the
IETF,
not
being
a
protocol
police,
because
I
think
that
kind
of
language
is
just
a
bit
silly,
because
also
we
would
not
specify
that,
for
instance,
ducks
don't
bark
or
other
things
that
are
self-evident.
It's
a
voluntary
standards
Association
the
IETF
clearly
does
not
police
anything
in
general.
But
that
said,
the
IETF
does
engage
in
work
that
causes
policing
to
occur
in
other
places
in
the
world.
O
These
things
do
have
normative
effects,
and
even
if
you
can't
change
the
way
that
any
particular
enforcing
agency
deals
with
your
standards,
you
could
at
least
reflect
upon
what
could
be
the
effects
of
building
your
protocols
in
one
way
or
the
other.
That
said,
one
of
the
questions
that
were
meant
to
be
discussing
here
is
whether
this
should
be
adopted
as
a
draft
I
believe
and
also
up
on
hearing
the
discussions
from
the
earlier
presentations
in
this
group
that
it
would
be
useful
to
have
considerably
more
discussion
in
the
group.
O
We
need
participation
from
more
individuals
with
different
views
of
what
politics
is
or
could
be
what
the
engagement
of
this
community
should
be
with
political
processes.
In
that
case
and
how
the
standards
that
you
develop
interface
with
them,
we
could
be
looking
closer
at
different
situations.
Variety
of
standards
have
made
it
into
enforceable
policies
in
different
parts
of
the
world.
O
I
think
that
would
be
useful
for
this
community,
maybe
to
to
know
also
what
the
impact
is
that
you've
actually
had
on
on
people
when
they
engage
in
their
daily
tasks
outside
of
this
forum,
there's
clearly
some
some
semantics
that
needs
to
be
worked
out
as
well.
We've
had
discussions
here
about
natural
rights
and
about
the
interpretations
of
specific
concepts
under
American
law.
I
am
NOT
from
the
US,
and
so
for
me,
the
natural
rights
discussion,
as
well
as
the
legal
interpretation
of
terms
under
American
law,
is
a
bit
abstract.
O
It's
not
natural
to
me
and
I
haven't
really
I'm,
not
often
confronted
by
the
American
ways
of
dealing
with
legislation.
So
I
would
be
extremely
happy
if
we
could
have
a
broader
discussion
about
that
in
this
community
and
if
more
people
would
like
to
interface
with
me
or
with
other
people
in
the
research
group
about
how
a
community
like
the
IETF
could
could
or
should
reflect,
even
upon
the
very
semantics
of
what
it
is
that
it
means
to
have
politics
and
standards,
and
so
that's
my
short
debriefing
and
I'm
happy
to
take
any
questions.
O
P
Hi
I'm
Adrian,
Farrell
and
I
guess
in
this
room,
I'm
pirate
party
UK.
Thank
you
for
this
work.
I'd
like
to
encourage
you
to
remain
interested
in
robocalls.
Robocalls
are
a
curse
in
some
Member
States
of
the
EU,
despite
legislation,
because
the
Internet
has
actually
enabled
by
passing
on
the
legislation.
I.
O
K
David
Lawrence
I,
just
I,
don't
have
a
well-formed
thought
on
this,
but
I'm
kind
of
wondering,
since
you
mentioned
the
comparing
and
contrasting
the
EU
way
of
thinking
about
some
things
versus
not
really
knowing
the
American
way
of
thinking
about
things.
Well,
we
certainly
have
in
a
very
heavily
Western
bias
in
internet
standards
as
a
whole.
It
makes
me
wonder
about
what
kind
of
outreach
and
drawing
in
we
can
do
for
people
that
don't
necessarily
have
that
social
organization
system
like
individualist
versus
collectivist.
What
might
the
Japanese
perspective
on
it?
K
Being
not
just
what's
the
u.s.
perspective,
in
addition
to
bu
and
like
I,
said,
I,
don't
really
have
any
targeted
thoughts
on
that,
but
just
kind
of
like
that,
other
than
to
think
that
we
should
be
expanding
it
beyond
this
Western
concept.
But
how
does
all
all
of
the
stakeholders
in
the
internet
participate?
I.
D
J
Q
Kairos,
the
overwhelming
feeling
that
I
get
from
from
the
session
this
morning
is
that
a
lot
of
the
terminology
that
were
using
here
is
kind
of.
There
are
not
agreed-upon
definitions
for
a
lot
of
these
things,
or
at
least
not
precisely
enough
right
and
so
the
word
rights,
for
instance,
winds
up
being
a
Rorschach
test,
and
it's
whatever
you
happen
to
see
in
it.
Whatever
your
preconceptions
are
you're
going
to
then
apply
to
the
text.
A
If
I
can
intercede
on
that,
one
in
both
the
RFC
that
just
came
out
and
in
this
draft
there
is
an
attempt
to
define
what
we
mean
by
the
words
now.
We
can
then
argue
over
those
definitions,
but
we
have
and
doing
that
that
definitional
part,
because
you're
very
much
you're
very
right
for
it
not
to
be
a
row.
Sartre
wrote
whatever
were.
A
Test,
thank
you.
We
do
need
to
put
down
definitions
that
we
do
need
to
discuss
them,
and,
and
so
that
is
part
of,
what's
being
done
well,.
Q
Right
but
then
you're
gonna
get
disagreement
on
on
the
validity
of
the
desk
of
the
definitions
as
well
right.
So
it's
you
know
especially
like
the
word
right
is
really
loaded
and
you
know,
as
was
demonstrated
before
it
has
very
different
meanings,
potentially
even
within
different
communities
in
the
United
States.
All
right.
D
E
But
where
the
discussion
then
ended,
which
does
it
means
we
can't
change.
It
is
that
we
used
Universal
Declaration
of
Human
Rights
and
the
International
Covenant
on
Civil
and
Political
Rights,
and
the
International
Covenant
on
social,
cultural
and
economic
rights,
because
they're
the
most
universal
norms
that
have
been
internationally
adapted
and
pretty
much
signed
and
ratified
by
all
countries
in
the
world,
and
they
are
all
consistent
with
each
other.
Well.
E
A
O
I
think
this
is
a
discussion
that
needs
to
be
taken
to
the
emailing
list
so
that
we
can
share
more
thoughts.
I
think
the
semantic
problems
of
how
you
define
rights
in
different
cultures,
as
well
as
the
point
that
we
need
to
bring
in
more
the
Asian
participants
in
the
ITF
into
these
discussions
are
very
valid
and
we
will
be
working
towards
that
goal
in
the
upcoming
months.
So,
thank
you
all
for
your
questions
and
participation.
Thank
you
and
yeah.
A
I
keep
forgetting
the
applause
part.
Thank
you
all
for
reminding
I
just
wanted
to
mention
that,
just
because
something
hasn't
been
adopted,
as
a
research
group,
project
or
document
does
not
mean
we
can't
discuss
it
in
great
and
gory
detail
on
the
list.
So
please
you're
all
invited
to
to
continue
these.
These
discussions
there,
okay,
the
next
one,
is
draft
unrequested.
R
R
Prefer
to
have
a
slave
like
aunt
Ella
next
time,
please,
okay!
Okay,
so
you
probably
noticed
that
there
was
a
new
version
of
the
anonymity
draft
which
was
published
beginning
of
the
week
so
bit
late
for
everyone
to
read
it.
The
first
version
of
the
anonymity
draft
was
extremely
short
on
the
new
one
is
much
expanded.
So
if
you
have
read
0-0,
please
forget
it
on
with
zero
one.
R
What
the
problem
with
anonymity
is
that,
unlike
what
many
people
are
saying,
for
instance,
when
some
people
in
the
law
enforcement
set
up
because
of
encryption,
they
are
going
dogs
I
can
no
longer
see
what's
going
on,
it's
quite
the
opposite.
Actually,
by
default,
a
lot
of
data
is
produced,
I
mean
if
we
do
not
say
if
we
just
follow
the
ordinary
path,
digital
networks,
a
lot
of
data
is
produced
on
internet.
Improved
surveillance,
not
only
allows
it
but
improves
it.
So,
up
to
now,
all's
I've
been
not
a
lot
of
anonymity
walk
at
IETF.
R
These
documents
are
important
because,
for
instance,
6235
is
about
anonymization
of
data,
which
is
a
that
we
select.
78
44
is
a
good
example
of
a
protocol
that,
by
default
without
sinking
bad
by
default.
The
protocol
DHCP
in
that
case
was
really
good
for
surveillance,
very
bad
for
privacy,
and
it
took
a
conscious
effort
on
a
lot
of
work
to
make
a
protocol
to
make
to
turn
DHCP
into
a
protocol
which
is
better
for
privacy.
R
So
do
we
need
a
general
document
about
identity?
That's
big!
If
you
a
big
problem
when
you
talk
about
anonymity
is
terminology
because
there
is
no
really
stand
out,
I
mean.
Even
if
there
is
one
people
don't
understand
it
or
don't
sometimes
don't
agree
on.
The
definition
on
anonymity
is
a
very
loaded
term.
A
lot
of
people
talk
about
it.
R
For
instance,
if
you
take
the
announcement
yesterday
of
the
new
DNS,
a
public
service,
a
quad
nine,
it's
not,
it
was
not
in
the
official
press
release,
but
a
lot
of
people
talking
about
quad
nightwear,
mentioning
anonymity,
saying
that
it's
good
that
quad
nine
promised
to
anonymize
the
data
they
collect
about
people,
this
sort
of
thing,
but
most
of
the
time
anonymity
is
used
in
a
very
approximative
meaning,
and
we
said
we
will
certainly
have
a
lot
of
things
to
discuss
about
terminology.
I
mean
anonymity
has
been
discussed
a
lot
already
outside
of
IETF.
R
So
we
should
not
reinvent
the
wheel.
We
should
be
modest,
but
on
the
other
end,
as
a
result
of
all
these
discussions
outside
of
the
IETF
is
in
some
respects
a
big
mess
where
it's
quite
difficult
to
find
out.
What's
going
on,
for
instance,
the
difference
between
anonymity
and
pseudonymity
is
still
not
very
clear,
even
in
people
who
participate
in
organization
like
IETF.
So
there
is
also
a
more
political
discussion
about.
Should
we
promote
a
low
anonymity?
R
It's
on
one
side.
Identity
is
very
often
seen
as
something
bad,
for
instance,
by
law
enforcement,
about
other
people
who
say
if
we
have
anonymity,
trolls
will
be
able
to
troll
freely
without
fear
of
her
all
this
sort
of
thing,
but
to
stick
with
ietf
matters
as
an
emetic
and
also
Bea's,
be
seen
as
a
problem
for
operation
people,
for
instance,
in
the
case
of
DHCP,
that
I
mentioned
RFC
78
44.
If
we
don't
know
that
the
same
machine
is
going
back,
it
may
make
things
more
difficult.
R
R
We
don't
make
documents
just
for
the
pleasure
of
writing
documents.
One
of
the
gods
of
HR
PC
is
also
to
be
actually
alt-fuel
to
IETF
walk,
so
is
it?
Will
it
be
possible
to
provide
practical
advice,
because
if
the
ID,
if
the
document
is
only
to
say
that
anonymity
is
good
and
to
give
a
definition,
maybe
it's
not
worth
the
time?
So
one
of
the
questions
we
have
to
ask
is:
can
we
really
provide
practical
advice?
R
There
were
few
ideas
in
the
current
draft,
so
the
document
version
0
1,
is
out,
as
I
said,
forget
about
0
0,
which
was
a
just
a
beginning.
Please
read
it
comment
it
on
the
mailing
list
on
may
be
adapted
for
future
walk
or
to
merge
with
other
documents.
I
don't
know.
So
thank
you
and
any
remarks,
questions,
etc.
A
S
S
I'll
Tokyo
net
box,
so
you've
raised
some
very
good
points.
There
I
was
interested
on
the
implementation
question
I
suppose
so
you
said
that
there's
a
lot
of
research
here,
but
it
doesn't
always
make
its
way
into
the
specifications.
How
do
you
think
we
can
perhaps
bridge
bridge?
That
is
there
a
way
we
could
make
this
work
more
visible
in
the
implementation
space?
Do
you
think
we
could
try
harder
to
do
that?
I.
I
I
What
a
point
at
the
IETF
and
say
that
we're
a
bunch
of
we're
about
your
wacko,
libertarians
and
I
would
I
would
like
to
look
really
hard
at
issues
of
when
do
people
need
anonymity
versus
a
pseudonym
versus
other
approaches
to
allow
people
to
speak
freely,
while
still
remaining,
while
still
retaining.
You
know
every
time
I
stand
up
here.
I
talk
about
a
tax
on
personal
honor,
you
know
and
I
think
something
something
you
know
this
for
this
to
be
credible
and
this
to
be
useful.
I
We
need
to
address
the
tension
between
anonymous
speech
and
bad
things
that
people
do
with
anonymous
speech
in
ways
and
ways
to
weigh
the
consequences
back
and
forth
and
to
mitigate
mitigate
the
damage
and
try
to
get
the
benefits
without,
without
basically
all
the
bad
stuff
that
you
get.
If
you
do
it
in
a
naive
way,.
R
That's
something
that
will
happen
for
every
human
rights,
no
offense.
This
has
been
discussed
a
lot
in
the
context
of
encryption,
so
it's
also
problem
for
anonymity.
I
think
that
I
have
seen
two
80s
already
some
provisions
about
the
fact
that
human
rights
are
not
absolute
on
any
good
sync
and
also
being
bad
thing.
So
yes,
I'm
an
emetic
and
buying
problems,
but
is
it
up
to
us
to
address
it?
I
mean
the:
do
you
suggest
that
we
find
ways
to
have
access
to
anonymous
data
or
to
demise,
not
necessarily
but
I'm,
saying.
I
I
mean,
and
anonymity
is
a
very
narrow
thing
you
know
for,
and
you
know,
like
the
difference
between
being
anonymous
and
being
in
pseudonymous
is
kind
of
vague.
You
know,
and
a
lot
of
what
is
traditional,
you
know
like
the
classic
example
of
anonymous
speech.
Is
the
Federalist
Papers
in
the
United
States,
which
were
in
fact
for
pseudonyms,
and
everybody
knew
who
they
really
work
so
I
would
I
would
like
to
I
would
like
to
say.
I
Yes,
there
are
places
where
not
anonymity
is
important,
but
there
are
also
places
where
anonymity
produces
bad
results
for
human
rights,
and
we
need
you
know,
are
there.
You
know
when
you're,
looking
at
an
honest
speech,
look
at
other
approaches
that
can
provide
this,
the
similar
cracked
practical
benefits
and
can
stand
and
encourage
people
to
weigh
you
know
the
costs
of
what
they
do.
Along
with
the
benefits.
You
know,
I'm
not
saying
it.
I
mean
like
I'm
from
the
US,
where
you
know
we
haven't.
I
R
The
important
point
on
what
I
would
say
that
today
is
the
biggest
problem.
I
see
with
digital
networks
is
that
by
defaults,
I
produce
a
lot
of
that
did
on
the
break
at
enemity,
so
I
have
nothing
against
explicit
identification.
For
instance,
if
you
go
to
Facebook
to
the
Audion
web
server
Facebook
allowing
you
to
to
go
to
anonymously
to
Facebook
after
that
you
are
identified.
So
Facebook
knows
everything
about
you
as
before,
but
it's
the
only
Facebook
is
evil,
no
problem.
No!
No.
My.
N
R
Tells
my
was
in
my
opinion:
we
should
make
Network,
which
is
as
possible
an
animal
by
default,
and
then
some
services
may
require
identification,
a
github
of
Facebook
or
the
IETF
data
tracker
requires
identification,
but
the
problem
today
with
the
Internet
is
that
you
are
identified
by
default,
so
there
is
no
way
to
be
anonymous.
It
worked
this.
We.
A
And
that's
exactly
what
I
was
gonna
suggest.
First
of
all,
I
want
to
cut
the
line,
but
then
also
it
looks
like
a
really
good
discussion
to
have
further
on
the
list
and
cutting
the
line
here.
Also
saying,
though,
I'll
have
to
be
a
little
bit
quicker
since
I've
been
a
terrible,
co-chair
and
I've.
Let
time
be
used
in
wonderful
conversations
without
sticking
to
a
tight
schedule.
So
please
go
ahead.
Stephen.
J
Feil
speaking
quickly,
apologies
to
the
note-taker
and
I
think
having
the
discussion
time
actually
I.
Think
I
prefer
personally
and
III
have
some
sympathy
which
are
on
this
one
I
think
another
aspect
of
FOIA
anonymity
is
difficult
as
a
goal
is
because
it
can
be
very
very
hard,
especially
in
protocols,
and
if
you
were
to
ask
somebody
to
kind
of
change,
their
protocol
to
support
and
okay
anonymity
or
other
flavors
of
anonymous
kind
of
technical
things.
They
are
quite
often
gonna
be
way
too
hard
to
be
acceptable.
J
R
A
E
So
this
was
another
failed
attempt
of
me
to
satisfy
Stephen,
Farrow
and
I.
Think
we
already
on
discussed
at
the
list
that
I'm
going
to
structurally
fail
at
that,
so
I'll
probably
try
something
new,
but
seriously.
What
we
tried
here
was
to
see
whether
it
would
make
sense
to
take
part
of
the
discussion
that
we
had
in
our
in
the
process
in
RFC
RFC.
E
If
we
put
it
in
a
draft,
it
didn't
really
look
like
it
has.
A
proper
target
audience
probably
doesn't
make
a
lot
of
sense.
If
no
one
thinks
it
makes
sense
and
everyone
agrees,
then
I'll
just
go
and
die
on
the
data
tracker,
which
is
totally
fine,
also
because
most
of
the
text
is
in
other
is
in
other
documents.
E
So
if
no
one
has
a
problem
with
that
dying,
I'll
continue
to
the
next
draft,
which
is
pretty
much
just
taking
the
guidelines
from
RFC
eighty
to
eighty
and
I
stuck
them
in
a
new
draft
for
two
reasons.
In
the
discussions
on
RFC.
Eighty
to
eighty,
the
first
one
to
mention
it
was
was
Elliot
Lear
was
to
take
the
considerations
and
put
them
in
a
separate
documents
to
make
it
more
practical
for
people
to
use
them.
E
We
didn't
do
that
by
the
time,
because
the
guidelines
were
a
conk
conclusion
from
the
research,
but
now
we
are
doing
the
research.
Now
we
have
that
that
early
hypothesis
or
the
early
research
and
now
we're
going
to
try
to
apply
it.
I
expect
that
the
guidelines
will
change
and
in
this
process,
I
already
came
up
with
some
changes
based
on
the
work
of
Stephan,
but
I
think.
The
points
that
John
Levine
made
might
also
adds
further
considerations.
A
Thank
you
and
any
comments.
I
think
that
was
fairly
clear
and,
if
not
I'll
just
move
on,
and
it's
basically
an
active
document
and
open
for
comment.
I
have
a
question
of
our
ad,
which
is
we
are
within
10
minutes
of
ending
there's
nothing
on
after
us
anywhere
as
far
as
I
can
tell,
and
are
we
in
trouble
if
we
for
whoever's
willing
to
stay
sort
of
creep
on
a
little
bit
into
other
time,.
A
If
you
just
shake
your
head,
I
can
say
you
said
no,
it's
okay
and
we
can
creep
on
if
any
of
the
technical
support
or
anyone
else
have
a
reason
why
we
have
to
stop.
Please
let
us
know
understandable
if
some
of
you
will
have
to
leave,
but
we
have
a
fair
amount
left
and
if
I
can
continue
going
through,
it
I
think
that
would
be
good
we're
having
some
good
discussions,
etc.
So,
okay,
thanks.
Our
next
thing
is
the
Arado
to
RFC,
77,
25,
plus
draft
new
protocol
elements
for
51
plus
human
rights
consideration.
A
E
T
I
also
worked
on
the
browser
extension
and
the
block
collector
from
the
previous
hackathon,
so
the
feedback
that
we
got
on
monday
was
that
smartin
thompson
mentioned
that
for
the
geographical
scope
that
we're
proposing
in
draft
new
protocol
elements,
we
might
want
to
keep
it
as
a
link
header
instead
of
like,
if
you
were
considering
an
alpha
to
country
code,
but
maybe
perhaps
a
link
to
an
explicit
document
that
specifies
the
geographical
scope
at
a
more
granular
level.
Then
just
a
country
code
might
be
more
useful
or
perhaps
the
downside
is
that
it's.
T
This
lad
complexity,
because
now
whoever's
implementing
this,
the
status
code
would
have
to
maintain
and
upload
a
document,
and
we
also
got
some
feedback
from
Mark
Nottingham
on
how
to
move
forward.
I'll
talk
about
this
in
a
second
Sandra
brought
up
an
interesting
point.
So
right
now,
as
RFC
775
defines
it,
the
reason
for
the
block
must
be
in
should
be
in
the
response
body,
but
so,
but,
given
that
the
whole
point
is
to
increase
transparency
around
the
block
should
be
changed.
T
Should
we
change
it
to
a
must,
make
sure
we
should
we
say
that
you
must
specify
the
reason
in
the
response
body,
so
I
correspond
it
with
Timbre
about
the
original,
the
original
author
of
RFC
775
as
to
why
he
put
it
must
assume
he
put
should,
and
he
said,
didn't
really
come
up
in
the
discussion
at
all,
and
it
was
just
something
he
went
but
initially
and
it
was
accepted.
So
maybe
that's
worth
talking
about
it's,
not
something
we
wanna
propose
as
well.
T
There
is
some
discussion
about
the
word
censorship
on
the
mailing
list
in
perhaps
also
you
could
talk
about
that
and
what
would
one
be
using
when
we
talk
about
this
in
the
drafts
I
my
personal
opinion
we
should
be
using
whatever
RFC
775
says,
which
is
not
legally
with
L,
as
Andrew
Sullivan
pointed
out,
and
also
Sandra
said
that
maybe
you
want
to
have
some.
We
want
to
have
a
section
on
legality
when
we
talk
about
the
human
rights
considerations
of
this
status
code
so
moving
forward,
perhaps
you
want
to
be
so.
T
A
S
Know,
yeah
toko,
so
there's
a
problem
with
trying
to
put
the
the
reason
in
the
body
that
would
mean
it
can
only
be
used
for
basically
HTML,
whereas
we
want
this.
We
used
for
images,
gifts
which
we
can't
be
edited
in
flight,
so
technically
I
think
it's
basically
impossible
to
require.
Must
for
for
that
point,
so
it
might
have
to
go
in
the
headers.
The
reason
for
the
block,
which
is
another
technical
challenge,
yeah.
U
U
T
U
To
country
code,
but
yeah
I'm
I'm,
not
aware
of
any
box
that
have
happened
on
a
sub
country
level.
Now
there
are,
there
are
blocks
that
happen
on
on
the
basis
of
even
even
civil
suits
from
individuals,
but
I
think
a
country
code
still
applies
there,
that
individuals,
at
least
within
our
country,
and
it's
unambiguous,
even
if
it's
even
if
it's
incomplete
it.
T
V
D
S
Just
on
the
question
of
the
country
code
and
granularity
I
believe
that
there
has
been
an
attempt
before
I,
don't
remember
the
RFC
from
memory
to
actually
implement
geo
Geographic
blocks
based
on
geocoding
within
the
header
that
would
allow
Geographic
rocks,
be
propagated
and
even
cached
using
the
HTTP
caching
system.
I.
Think
that
didn't
work
out
so
I
would
caution
against
anything
beyond
jurisdiction,
national
level
granularity.
It's
also
a
question
of
what
do
you
want
to
support
and
what
do
you
want
to
legitimize
it
away?
I
think
this.
S
T
Not
sure
about
that
I
feel
like
we
should.
The
purpose
of
this
should
be
to
give
implementers
of
the
block.
Allow
them
a
mechanism
to
give
transparency
around
this,
so
I
think
I
mean
it's
a
different
discussion.
I
guess
like
what
we
want
to
legitimize
or
not,
but
I
don't
think
we
yeah
I
view
it
more
as
as
much
transparency
around
this
as
possible.
F
Thank
you.
Two
thoughts
just
want
to
share
why
I
argued
for?
Must
there
I
don't
know
of
a
government
in
the
world
that
isn't
that?
Doesn't
that's
fighting
trouble,
but
most
governments
that
we
consider
legitimate
always
tell
you
why
there
why
they
are
stopping
you
from
doing
something?
It
may
be
a
reason.
F
It
may
be
not
the
real
reason,
but
they
have
to
tell
you
something
and
that
matters
from
the
users
perspective.
If
you
want
to
seek
redress
and
I
I'm
interested
in
this
because
of
the
opportunities
it
could
give
for
redress
by
individuals
and
and
by
governments,
I
mean
sorry
by
entities
that
are
trying
to
change
actually
what
governments
are
doing
so
since
this
is
a
hinge
between
the
technical
system
and
the
legal
system,
you
want
to
incorporate
how
each
of
those
operates
and
in
the
legal
world
you
give
the
reason
why
something
is
being
blocked.
F
So,
if,
in
the
ideal
world
we're
moving
towards
this
being
a
requirement
rather
than
voluntary
must
would
have
to
be
a
part
of
that,
and
I
would
also
like
to
see
something
about
redress.
Some
discussion
of
that.
The
second
point
I
wanted
to
make
is
that
really
we
want
to
distinguish
you've
already
moved
to
the
distinction
between
who's,
doing
the
blocking
and
the
jurisdiction
that
justified
the
blocking
of
the
source
of
the
law
or
regulation
that
justifies
the
blocking.
F
T
A
E
W
Before
I
get
started,
I
just
wanted
to
display
on
the
slide
the
list
of
people
who
have
helped
me
with
this
work
and
also
to
perhaps
make
a
qualification
which
is
I,
have
zero
legal
and
technical
training,
so
I'm
just
a
charlatan
in
front
of
you.
If
there
are
lots
of
mistakes,
the
fault
is
mine
and
if
there
is
anything
valuable,
the
credit
goes
to
the
list
of
gentlemen
and
the
lady
on
this
list.
Next
slide.
Please.
W
So
what
has
been
done
is
we
look
through
the
RFC's
and
some
of
the
ITF
documentation
done
on
blogs
and
also
news
websites?
We've
listened
to
the
video
Cobbins
of
the
ITF
meetings
and
we've
also
surveyed
some
amount
of
academic
literature.
What
we
haven't
managed
to
do
so
far
is
look
through
the
mailing
list.
W
Archives
completely,
and
what
we'd
like
to
do
is
interview
members
of
the
working
group
and
complete
the
analysis
of
academic
papers
and
perhaps
have
the
consideration
document
reviewed
by
members
of
the
working
group,
because
before
we
start
sharing
on
the
mailing
list
and
also
perhaps
write
a
blog
on
our
experiences
doing
this
work
next
slide.
Please
so
before
I
go
into
the
actual
work.
I
wanted
to
ask
some
big
questions.
It
wasn't
obvious
to
me
at
least
when
I
got
started,
that
what
was
much
more
a
framework
was
the
framework
rather
than
a
standard.
W
So
the
questions
are
going
forward.
Should
we
focus
on
standards
more
or
frameworks,
or
are
they
both
equally
difficult
to
tackle
from
the
perspective
of
doing
human
rights
considerations?
The
second
question
was
on
the
scope,
the
oauth
framework.
It
was
difficult
to
decide
where
we
should
end
the
perimeter
of
analysis,
and
the
third
question
is
from
the
perspective
of
human
rights:
is
there
any
prioritization?
W
W
Next
I
will
be
joined
in
December
by
some
of
these
people
at
the
Bangalore
office,
where
we
could
step
up
to
work
and
then
finally,
I
think
this
is
not
the
question
that
was
difficult
for
us
to
grapple
with,
which
is
when
should
the
standard
take
the
fall
for
a
particular
failing
when
it
comes
to
a
particular
human
rights
consideration,
but
because
of
my
math
phobia
and
crypto,
probably
I
have
tried
to
focus
on
standards
that
don't
implicate
both
of
this
too
much
next
slide.
Please.
E
X
X
W
The
way
I
was
thinking
of
it
was
with
a
standard.
Then
you
would
usually
have
a
plurality
of
tools
that
are
in
compliance
with
the
standard
and
then
that's
a
little
more
easier
to
understand
with
the
framework.
The
diversity
as
far
as
implementation
goes
is
much
more,
so
you
may
not
get
an
off-the-shelf
product
which
is
in
compliance
with
the
framework
or
or
it's
harder
to
make
this
assessment.
X
Yeah
I
think
it
is
I,
think
a
lot
of
idea
of
specifications
that
have
a
range
of
complexity
to
them.
And
if
you
look
at
things
like
the
telephony
specification
set
that
it
will
it's
about
as
complex
as
OAuth
or
even
more
so
perhaps,
and
do
you
call
that
a
standard
or
a
framework
or
neither
I
actually
don't
think
there
is
I
mean
if
meaningful
distinctions
may
be.
Thank.
W
You
next
slide.
First,
then,
a
few
comments
on
the
actual
considerations,
and
perhaps
this
could
go
into
the
work
that
Neil's
just
spoke
about,
which
is
the
guidelines.
So
the
security
criterion
was
hard
to
deal
with,
primarily
because
the
first
question
I
thought.
The
answer
would
be
common
to
all
standards
that
we
reviewed
for
a
non-expert
identification
of
new
attacks
is
hard,
especially
when
there
is
a
lot
of
work
done
and
given
the
diversity
in
implementation.
W
There
are
so
many
different
actors
that
could
be
in
charge
of
a
particular
entity
in
the
floor
so
that,
for
example,
you
could
have
national
ID
projects
using
open
art
and
the
next
criterion
that
was
tough
for
us
to
deal
with.
Was
the
outcome.
Transparency
criterion.
So
it
isn't,
as
I
have
traditionally
understood
it
from
data
protection
law,
the
right
to
an
explanation,
but
rather
a
mapping
of
the
unintended
effects
of
the
standard
protocol.
So
that
was
also
difficult
for
an
non
expert.
W
I
think
it
is
perhaps
even
creative
work
and
harder,
perhaps
to
take
up
an
ich
end
of
logical
fashion
and
the
assumption
that
has
to
be
made-
and
this
goes
back
to
what
John
Levine
said,
which
is
the
person
doing
the
Human
Rights
protocol.
Consideration
has
to
assume
that
the
trade-off
or
the
optimization
between
competing
human
rights
imperatives
has
already
been
done
by
the
working
group
and
I.
W
Don't
know
whether
it's
the
job
of
the
protocols
consideration
to
actually
completely
open
out
that
debate,
because
protecting
the
right
to
property,
for
example,
might
need
certain
infringement
on
the
right
to
privacy
and
so
on
next
slide,
please
so
now,
but
going
into
some
of
the
criteria.
That
is
part
of
the
assessment,
and
these
are
the
first
thoughts
I've
had
this
is
starting
with
connectivity.
So
what
it
seems
like
is,
there
is
no
application,
specific
functionality
added
to
intermediary
nodes.
W
Second,
that
the
framework
cannot
be
developed
in
a
stateless
manner.
That's
what
we
thought
was
possible
was
was
impossible
and
we've
heard
some
kind
of
anecdotal
evidence
that
it
is
perhaps
not
optimized
for
low
bandwidth
countries,
but
we
were
not
able
to
find
any
online
reference
to
this
or
any
academic
literature
on
this
point
next
slide.
X
X
Maybe
my
understanding
of
how
you
use
the
term
stateless,
but
I'm
not
actually
sure
that's
correct
there
are
there
ways
to
use
OAuth
where
you
use
asymmetric
crypto,
where
you
don't
have
to
keep
state
in
in
the
notes,
but
this
may
just
be
me:
misunderstanding
how
you
use
the
term
and
the
third
point
there
is
something
called
the
ACE
working
group
in
in
the
IDF
which
sort
of
has
profiled
OAuth
for
the
use
in
for
for
IOT
and
low
bandwidth
situations,
so
that
I'm
not
sure
that's
true
either.
Thank.
W
W
So
what
seems
to
be
the
issue
is
the
audit
of
authorized
authentication
period
and
in
some
of
our
kind
of
telecom
regulation,
this
was
required
that
the
data
controller
constantly
check
with
the
data
subject
whether
the
they
are
authorized
to
continue
to
do
or
use
their
data
for
a
particular
purpose
and
that
kind
of
changed
things
quite
dramatically
so
I
mean
one
way
to
deal
with
this.
To
say
that
question
like
this
is
completely
out
of
the
scope
of
the
standard
and
the
standard
should
not
be
prescriptive
about
this
particular
question.
W
But
if
you
look
at
the
usage
of
the
standard
very
broadly-
and
you
look
at
some
of
the
research
that's
out
of
there
out
there,
it
seems
that
most
users,
end-users-
are
unaware
of
these
extended
authorization
periods.
So
that
was
a
solution
that
we
came
up
with
I
again,
don't
know
whether
it's
appropriate
at
all,
but
that's
on
my
slide
next
slide.
W
W
Finally,
next
slide
on
security.
This
really
took
a
lot
of
time
and
it
was
still
not
able
to
read
everything
or
even
understand
the
concern
and
erst
and
the
implications
fully
for
human
rights.
The
working
group
has
done
a
lot
of
work.
There
is
already
the
security
considerations
in
the
standard
itself,
and
there
are
two
are
the
documents
that
go
into
security
threats
and
mitigation
modules.
W
The
community
hasn't
come
to
consensus.
This
is
what
that
is
still
going
on,
but
it
was,
as
I
said
earlier,
it
became
a
bit
unclear
what
we
should
do,
what
I
should
do
as
part
of
the
human
rights
considerations,
look
at
the
existing
threats
and
mitigation
models,
the
current
best
practices
and
so
on
and
think
through
what
some
of
the
scenarios
would
be
for
human
rights
violations
or
make
it
easier
for
somebody
from
the
human
rights
world
to
understand
the
work
that
is
already
done.
W
E
E
So
if
I
might
suggest,
because
we're
already
50
minutes
over
the
end
of
our
session,
whether
you
have
some
thoughts
who
knew
that
are
a
bit
meta
like
about
the
guidelines
themselves,
whether
it
was
a
useful
exercise
or
not
and
a
way
forward
and
then
and
then
we
can
come
back
to
the
actual
example
on
the
list
and
also
in
relation
with
the
OAuth
folks
and
and
continue
on
that.
If
you
don't
mind,
no.
W
Apart
from
the
issues
I've
already
raised,
I
think
this
is
truly
multidisciplinary
work.
It
needs
people
with
expertise
in
a
very
wide
range
of
areas
to
tackle
the
work
and
also
the
first
I
am
assuming
that
for
some
standards
and
protocols
the
work
can
be
quite
voluminous.
The
amount
of
data
that
has
to
be
crunched
in
order
to
produce
such
an
assessment
I'll
stop
here.
A
Thank
you,
I
think
this
is
I
mean
it's
really
quite
a
detailed
and
great
analysis,
I'm,
hoping
that
perhaps
it's
something
that
that
could
be
put
in
in
a
draft
that
we
could
discuss
further
because
it
being
the
first
substantive
use
or
the
second
sorry,
the
second
substantive
use
of
it.
It
really
would
be
spending
worth
spending
some
more
time
on
it,
perhaps
putting
it
on
the
agenda
at
next
meeting,
I'm
wondering
if
you're
willing
to
turn
this
into
a
draft
that
that
could
then
be
further
discussed.
W
Ideally,
if
I
had
managed
to
get
a
visa
this
time,
I
would
have
had
at
least
some
interviews
in
the
corridors
with
members
of
the
working
group
and
gotten
the
kind
of
feedback
that
the
gentleman
at
the
mic
has
been
giving
me
and
avoided
kind
of
obvious
mistakes.
So
I'm,
absolutely
working
towards
a
draft
I
will
try
and
duel
some
of
these
integrals
remotely.
If
the
working
group
members
have
three
time
on
their.
A
And
perhaps
we
can
even
talk
about
scheduling
one
of
those,
those
interim
meetings,
conversations
on
this
at
some
point
in
the
new
year
before
the
new
meeting.
If
that's
something
that
would
be
valuable
to
you
and
see
if
we
can
get
anybody
from
you
know
the
working
group
that
they
could,
they
could
give
it
more
substance.
So
you
know,
perhaps
we
can
talk
some
more
about
doing
that
thanks
s
and
thank
you
and
sorry
sorry
did
to
sort
of
squeeze
you
on
on
the
time
on.
It
very
much
appreciate
the
work.
A
And
and
having
done
that
to
him,
I'm,
basically
going
to
take
the
next
subject
which
was
moving
on
and
how
we
move
forward
and
how
we
continue
the
work
that
that's
being
done
and
and
take
the
draft
and
basically
try
to
solidify
the
the
considerations.
Try
and
solidify
the
science
between
it.
I'll
take
that
discussion
to
the
list
and
further
to
the
next
meeting.
The
last
thing
we
had
was
another
presentation
that
we
had
said
only
time
permitting
I
apologize
time
doesn't
permit,
but
definitely
the
the
presentation.
A
Is
there
it's
something
we
can
talk
about
on
the
list
and
if
it's
of
interest
to
the
presenter
to
do
it
at
our
next
meeting,
we
can
sort
of
put
it
earlier
in
the
session
so
that
it
doesn't
get
pushed
off
the
end.
I
apologize
for
that,
but
I
think
we
really
had
some
good
discussions
and
I
didn't
want
to
lose
and
cut
those
off
so
I
don't
know
if
you'd
like
to
add
anything.
Maybe.
E
Brian
wants
to
raise
his
hand,
so
if
people
have
a
really
urgent
interest
in
this
highly
important
topic,
they
can
connect
to
Brian
or
look
at
his
talk,
which
is
also
on
the
on
the
internet.
Maybe
Brian
can
also
share
the
link
there
so
that
there
is
the
urgency,
but
also
to
warm
up
for
London.
As
you
can
see,
beautiful,
slides,
beautiful,
really
they're
huge.
A
Anybody
have
anything
to
add
it
to
Mike
before
I
say
thank
you
for
your
patience
and
for
your
contributions
and
discussion
now
in
which
you're
walking
to
the
mic,
no
you're,
not
okay,
in
which
case
I.
Thank
you
for
the
discussions,
the
meeting
the
presentations.
Thank
you
and
I
guess.
That's
it.
Thanks.