Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / 99 / 21 Jul 2017
Internet Engineering Task Force / 99 / 21 Jul 2017
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF99-HRPC-20170721-0930

Description

HRPC meeting session at IETF99
2017/07/21 0930

https://datatracker.ietf.org/meeting/99/proceedings/

A

Right.

B

Yep yeah.

C

Not just these lovely.

B

Good morning, everyone brave people of Friday morning and being scheduled against quick and still being here, that's great thanks. So much so while you are so dedicated, I am sure it will not be hard to find a note taker and a jabber scribe.

B

We have a note taker perfect and we have a jabber scribe.

B

Someone willing to jabber scribe.

B

Jebra scribe.

B

Do I need to ask the last person to come in to be the driver scribe.

B

Hello, everyone welcome very much to the human rights protocol considerations meeting Friday morning. July 21st also welcome to remote participants. We got quite a full agenda here and a bit different schedule from normal. We made two changes in the schedule, as discussed on the list is that we have a longer session, then normally, because we often ran out of time and instead of having three or four speakers for inspiration. We took one. So we would have more time for discussion. You would go into a bit more depth.

B

I'm also happy at the end to see whether you think this is a useful model. We should revert back or we should go out. Otherwise they are the administrivia. We have a note-taker. Do we already have a volunteer for the different scribe? We have a jabber scribe, excellent thanks. So much, please join the main list. If you haven't done so already, poor requests for drafts are welcoming github. You can find the intros the minutes and a website there. I said we have quite a full agenda.

B

Does anyone have any other points for the agenda agenda bashing one to approved here? We go so this is the note. Well, if you haven't noticed it well, then you haven't noted so well during this whole week because it's Friday morning, so if you have any IPR claims you would like to make or you have any IP are things for anything you'd like to present. Please tell us now because else it's too late.

B

So as always, it's very important that you review documents, not only because then we have a man can have a more informed discussion, but also the quality of the IETF documents depends on your reviews. So please review documents, your own working group also in other working groups, and then we will also review your documents.

B

So the step research group we have been we've been quite Britney. We have been working on the topic since ITF 91 we've been a proposed research group since ietf 92, and you see we have a pretty consistent production of work actually with a smart increase in a number of drafts and also continuously new things coming about which you also see things in the presentation of it.

B

So what we're trying to do, as is in our Charter, is to expose the relationship between protocols and human rights, with an initial focus on the right of freedom of expression and the freedom of assembly. We've tried to propose guidelines and also see how those guidelines could work in practice and also to increase awareness of the human rights community and the technical community about the importance of technical workings of the internet and its impact on human rights, and then we'd like to start off with a presentation and Q&A with wilt Milton.

B

Mueller Milton is professor at Georgia, Tech, dr. famously of network and states, and ruling the route and he's gonna. Tell us his findings that he's working on with the paper with prasanna ba da also from Georgia Tech Milton.

D

Well, thank you I'm pleased to be here I'd, particularly like to think I've and Niels for inviting me I think it's very interesting that they were so eager to have the discussion. I do want to say that the idea for this paper was in fact Farzin s and she couldn't be here today. She has a bit of a human rights problem being Iranian and living in the u.s. she's afraid to leave, or at least was until the Supreme Court settled that issue.

D

We hope so so I'm here giving this talk, and it's called Ric wium for a dream.

D

Just to give you a brief summary of the somewhat provocative points we want to make yeah. First of all, we want to subject the belief that we can promote and protect human rights through protocols and standards or architectures to some critical assessment and I in particular, have a very long background in an old guy in science, technology and society studies and history of Technology and you'll see the intersection of that discipline to what you're doing here.

D

We think there are tendencies within this push that oversimplify the complex relationship between technology and society and that you all might benefit from this critical assessment.

D

Fundamentally, we believe that human rights are primarily a political and institutional accomplishment and cannot be reduced to a matter of technical design. Although we of course believe that technology dis, equilibrate, s-- existing institutions and alters the way society works, it's not simply a matter of technical design, and there are also some disturbing aspects of potentially negative aspects of the trying to make policy or protect or enable rights through your tech designs.

D

So let me first try to characterize the views boom that we are criticizing and the fact of the matter is we quickly discover that there is not a simple or uniform statement here. That is some clearly theoretically derived position. We have a spectrum of views, so at one extent some people are asserting that human rights can be protected by design or through the internet protocols, and given that technologists have a moral and legal responsibility to do so.

D

This, in particular, is coming from a sort of international law scholars like Kareem, cath and Florida, who are very steeped in the Universal Declaration of Human Rights.

D

So that's another aspect of this, so the many people within this group are very eager to connect, not just generic things like privacy or freedom of expression, but very specifically, the actual human, a Universal Declaration of Human Rights of the United Nations.

D

They believe that that can be enabled to the protocols or as one of them put it quote, baked into the architecture at design time now, a slightly weaker and probably a lot more practical statements of what you're trying to do come from your own HR PC document.

D

Not what I don't know whether to call in RFC or not? Yes, I think it is so it talks about Internet connectivity as enabling human rights, in other words, taking a technological or creating a technological capability that advances freedom of expression and there's a statement in there that the architectural design of the Internet converges with the human rights framework, which we frankly don't know what that mean.

D

There's another statement that the human rights enabling characteristics of the Internet might be degraded if they are not find described and sufficiently taken into account in protocol development, so that is again a step back from the harder position that human rights can be protected by design. What they're saying here is, let's be aware of impacts or potential impacts when we're developing protocols.

D

To try to relate this to the academic literature we find that there are sort of two distinct positions here.

D

One of them is a stronger claim, the the famous claim at least made famous by Lessig but developed by others before him. That code is law and then there's a somewhat weaker and we think more accurate claim that the technology mediates rights, that is, it is a kind of an intermediary between the accomplishment of Rights, on the one hand, and the the technical, the the efforts by people to use it in ways that either compromise or advance human rights, and that latter point is I, think articulated in Laura denardis work.

D

And, of course the code is law claim has a lot of precedents, including the Lessig Joel ridin burg Mitchell, somebody named Mitchell, who I don't even know, what's probably the first to articulate that claim now, just to sort of summarize the differences in the two perspectives with the code is law you're, focusing on the ex-ante initial design of the protocols or the architecture, whereas at the other perspective, you're focusing more on ex-post attempts.

D

The infrastructure is in place and people are trying to do things to it that either compromise human rights or advance human rights, for example, denardis and others have frequently focused on the famous SOPA and PIPA laws which we're trying to use domain name system blocking to to enforce copyright or prevent copyright infringement in the United States. Now this is clearly not a design, a really a redesign of Internet protocols that was an ex post attempt to use the capabilities of the infrastructure to block or filter certain kinds of things that were perceived as violating copyright.

D

The code in law perspective is fairly linear and deterministic.

D

Essentially, it asserts that whoever makes the design makes the rules and you're all kind of bound by them, whereas the other perspective has more of a two-way relationship in mind, and they view the infrastructure as a site of struggle over rights, and this struggle, we believe, is as much if not more political than technical.

D

So with that, characterization sort of the theory and practice will now go into our critique. Well, the first thing that we notice and again this point is certainly contestable at some point, but for a very large extent the Internet is already designed. Its basic architecture is in place. This is not to say that it doesn't change that there aren't marginal adjustments and changes that there aren't new standards, but any kind of protocol development that's going on now and the IETF is not going to.

E

Have.

D

An immediate and major impact on the way things work much less on the degree to which human rights are enabled over the Internet and there's something also interesting about that is you know if, indeed, new standards or new processes within IAAF are needed to protect human rights? It seems that seems to indicate that its current architecture does not necessarily protect human rights that this again is more of a site of struggle, rather than baked into the architecture.

D

The second problem is, we have some difficulty understanding the extremely strong linkage that is asserted between the UDHR and international law and the technical architecture, that is to say, if you say, I am trying to protect through my protocol. The confidentiality of data I know what that means very clearly, if you're saying I'm, trying to protect the right of privacy as defined in the UDHR I'm, not sure I do know what you mean, if you say, I'm, trying to protect the entire set of human rights and enshrined in this standard.

D

I'm, absolutely sure I have no idea what you mean by that, because the UDHR and the whole complex of international human rights law is extremely extensive and complex.

D

It was formulated in fairly imprecise terms, they're, not all of the rights in there, for example, the right to a job, I'm, not sure you're, going to help that with your protocol development, maybe the right to developers to a job might be in some way advanced by what you do here, but some rights, as the the committee here recognizes in their document, are not that relevant to ICTs or connectivity. So again, that's that's a big step back from the general claim about human rights.

D

Now, even the rights that you consider to be the most relevant to the Internet contain serious internal conflicts, so one of the obvious ones is free expression versus privacy. The human rights declaration says that everybody, you know the famous article 19 after which I think Neil's has tattooed on his forehead somewhere says that you know freedom of expression. Everybody has a right to seek and impart information regardless of frontiers.

D

It's great it's one of my fav formulations of the right to freedom of expression, but then later on it says everybody has the right not to be defamed to not have their reputation besmirched by others, and so those two things can obviously clash. So how do you do that? In a protocol? Free expression versus intellectual property? Is intellectual properties, actually recognize human rights?

D

So and it's ironic that many of the people who are in the forefront of the theoretical work on this human rights and protocol development connection were people who were resisting the attempt by copyright owners to fake copyright protection into the Internet infrastructure and there's clearly they were doing this kind of on free expression grounds and on differences over the scope of intellectual property rights.

D

So again, there's it's not clear that there's a linear or simple relationship between these rights and the protocols or the even the infrastructure, due process for the accused versus swift justice for victims that you could view that as kind of a tension, if not a contradiction.

D

Obviously, human rights puts great emphasis on due process, but it's also a human rights issue that, if you don't catch bad bad people who do evil things so there's a tension there. Now again the the HPRC people are not naive. They recognize this in their documents. But, to my mind, the response is quite lame, they're sort of saying. Well, you need to balance them.

D

Okay. How are they balanced? How are they balanced in a protocol? This is not clear to me: decisions on design and deployment need to take rice conflicts into account. Okay, what does that mean to take them into account? How do you reconcile them? How do you make these rights into the architecture when you are that when you have these conflicts and needs or balances?

D

So that is what we consider to be one of the major issues with the the linkage that's being forged problem. Three, probably this won't be too controversial. Code is not law. Okay, and to understand this, you simply have to ask yourself: where does code come from? It's not purely exogenous. It doesn't drop down from the sky. Whoever writes code is responding to economic incentives, almost certainly probably political, doing it in a political environment, and there are certain kinds of legal and political constraints.

D

So there's a reciprocal relationship between what code gets written and the surrounding society and, in fact, code and architecture can be and often are overridden by laws and regulations, and so a good example of this comes right here from the IETF and the famous interaction that this group had with the kaliya, which is in the u.s. called the communications assistance for Law Enforcement Act.

D

Now, if you remember, is sometime in the early 90s, the telephone systems started getting digitized and the wiretapping technologies of the law-enforcement agencies and Intel agencies realized that their techniques were not able to capture information in the same way. So a law was passed in 1994 and this is really before the internet was a big thing perceived as the widespread mass medium. So they passed a law forcing us telephone companies to redesign their network architecture to facilitate wiretapping of telephone calls by law enforcement.

D

And then, of course, the internet became a big thing and the law enforcement agencies noticed that they didn't have any such capabilities for the Internet and when the IETF was working on standards for voice over IP and related things, somebody suggested to them I've seen assertions that the FBI asked the ietf, but I've never found any verification of this request. But certainly there was discussion of what to do about whether their standards or voice-over-ip should be made Kalea compliance, and so they formed the famous Raven working group.

D

I think it was in October or November of 1999 and it concluded in May of 2000 and the IETF basically said. No, no thanks. We're not going to write rewrite our standards to make them compliant with a US law, as you probably remember, the main reason for that was not so much human rights per se. Although the the tenor of the group was very very Pro, privacy, Pro, individual rights and anti-government anti-surveillance, but they basically said we're a global standards organization and we're not going to write standards to the specifications of one government.

D

So did that settle the matter. Did we have successfully protect privacy on the Internet? Well, of course, what happened next is that in 2004 and five all of the law enforcement agencies went before the US Federal Communications Commission and filed a petition to expand kaliya to broadband providers, voice over IP telephony and instant messaging. Of course, this laws would only apply to us-based providers or people with the major jurisdictional Nexus in the US and, of course, the civil rights civil liberties groups oppose these requests.

D

The Electronic Frontier Foundation in particular, was in the forefront of the opposition, but this was post, 9/11, America and surveillance, one politically over privacy and individual rights. So we got a kaliya compliant broadband providers. However, the technology of the internet was sufficiently diverse, complex and changing that there was continued to be this struggle over surveillance and privacy, as you all well know. Indeed, in this period, the FBI and the NSA continue to claim that they're going dark and privacy advocates continue to worry about the massive scope of surveillance on the Internet.

D

So what lessons would I grow from the Kalia case? Well, one of them obvious ones- is that the so-called bad guys or the anti human rights forces can use a standards process to they can specify. You know, let's get into the IETF and try to urge them to do something. Let's get go to the regulator and tell them to pass new standards that were a compulsory, so there's no nothing about doing things via standards and makes it throw human rights it.

D

The other conclusion is that code was code in law was law. The ietf refusal to make its architecture modifications did not settle the matter by itself and after the FCC intervention, there were some law dictating code, and then we saw norms, code, law and markets working together as elements in a political struggle over privacy.

D

Here's another problem: we do want you to consider, and that is if standards developers do think of themselves as being in the business of translating protecting and balancing legal and political rights, then they are or might be considered by others de facto policymakers, and if that in fact happens, then others, besides human rights advocates, will become interested in your standards and protocol development and enter into this arena where things are shaped, and indeed in the current environment, we think that standards and protocol developers might open themselves up to the charge that they lack legitimacy, that is to say political legitimacy or democratic legitimacy to define, enable and force or balance rights.

D

It doesn't seem outlandish for me to imagine that if indeed, you find yourselves actively shaping human rights in a way that really tilts the social environment, in the way that you want that you might find governments knocking on your door and saying well, maybe you should have some representatives of our point of view in your committees. Forget about technical expertise. You guys are in the policy business. Why can't?

D

We have a you know somebody from the ministry of communications of moldova here, because we have a perspective on what rights should be protected and how they should be protected.

D

As we said earlier, the the argument that technology mediates rights is, we think, more accurate and more useful because it better captures the reciprocal influence between technology and society. But we view much of the current literature on this topic as being somewhat a historical.

D

In effect, they might be even trying to reinvent the history of technology or science, technology and society studies, because this argument is true of every technology, not just the internet, regulation and control or the the level to which you achieve rights and freedom are always dependent in some ways upon the specific technical features of the communications medium now, I'm going to give you two historical examples of this, so one, of course, is the printing press, and if you go back to the 15th century and read some early discussions of printing technology, this was certainly perceived by Protestant Reformation as a technology of liberation, and indeed it was for a while, because it allowed you know.

D

Dissident groups like Protestants, to disseminate their views in in mass form in ways that gave them a competitive advantage over the old stodgy, Catholic Church, but and kings and princes were also challenged by this. So what happened? Well, the government started to clamp down on printing presses through various mechanisms.

D

One of the most simpler ones was simply to arrest dissidents and put them in jail or kill them, which goes on today, of course, but sometimes they try to exert more systematic economic control over the printing press, for example, by licensing presses and awarding monopolies to particular publishers to publish specific kinds of books, particularly in England. The printing press was highly licensed until I think the early 18th or 19th century mmm-hmm case abroad. A radio broadcasting is equally interesting.

D

What you have is a technical feature of radio communication, namely the control of the radio spectrum and governments asserted control or nationalize. The spectrum in order to achieve control over broadcasting technology in the u.s. broadcasting was essentially not entirely anarchic.

D

People were coordinating what frequencies they use, but it was extremely open and there are all kinds of new broadcasters pouring onto the airwaves in the early 20s and the government stepped in and effectively nationalized the airwaves and used its control of licensing broadcasters to impose a number of regulations, particularly pertaining to content and other kinds of performance, metrics on the broadcasting industry and, of course, in most of Europe.

D

Simply you had a single national broadcaster, so in all of the early stages of these technologies and what I'm suggesting is kind of a historical cycle here these technologies were technologies of freedom.

D

Indeed, not so much because of specific technical architecture made them promote freedom, but because they were new technologies in a state, didn't know how to control them yet- and this is particularly true of the internet, where we had you know just kind of burst onto the scene, unexpectedly by passing telecom monopolies and bypassing national barriers to censorship and control, and, of course, later on states learned. How can we control this? How what can we do to stop this? What can we do to stop that?

D

So you really have to pay attention to the historical trajectory of the technology. It is important to understand how and why these technologies broke out of the chains of previous technologies, but it's also important to understand that. Inevitably, those who want to control will discover new ways to control, just as people who want to evade control will discover new ways to evade control. So that leads to one of my final points, which is that design is ex-ante.

D

It happens before the fact and rights violations are really ex-post and knowledge of how they occur and where they occur, is really after the fact so true, assessment of human rights impact of various technical developments can only occur after the fact and standards are protocols that seem to be secure or protective at the moment of design may actually have unintended consequences. They may be exploited in ways that you don't anticipate or.

D

Creative people may think of ways to subvert them in ways that you did think of, but didn't quite work. So we again would emphasize a view of rights and technology as being an ongoing struggle, very much influenced by economics and politics, as well as by standards.

D

The one of the objectives that we've heard from people involved in the HRP see is that they want to change the language that you're using to describe the technologies, but we're not sure that simply changing language will have any actual impact on human rights on the Internet. Again, it might make you more aware of certain things, but by itself the change of language will not have much of an effect.

D

So, to conclude, we don't want anybody to go away, thinking that we're against human rights, we're in favor of human rights and in particular, I mean I, can't have to qualify that statement I'm very much in favor of freedom of expression, privacy, the classic civil and political rights. I, don't know about all of those things that are classified as human rights under human rights law, but the idea that you all are in a very powerful position to advance those rights through Internet, Protocol, design, I think is needs to be moderated and looked at soberly.

D

So the idea is not to discourage you from being aware of human rights or to believe or or to in any way divert you from a commitment to those rights, that's simply to challenge unrealistic expectations that could in fact, backfire in certain ways and otherwise might lead you to to waste a lot of energy on things that are not really where the action is so open. It up to discussion.

F

Thank you, um so I don't see anybody at the microphone. I, don't know Neil's whether you had had any comments. Someone is coming with a microphone. Thank you. Please remember to give your name at the beginning.

G

Hi there my name is Andrew Sullivan, so I I guess it probably won't be too surprising that I'm somewhat sympathetic to this. To this description of the issues and in particular, I think some of us were a little nervous during this work, because the problem I think for that you mentioned about you, know, sort of involving the standards process directly in in in political tussles, but I wonder whether there is a more generous reading of the not-quite RFC and that is to to read it as just an exhortation to protocol designers.

G

If you think about the consequences of potential technical trade-offs they make for any. Given you know right situation, and and and if it's, if it's just that, that seems a little less a little less controversial that you, you can make decisions that can have. You know potentially rights, enabling, if you believe in rights, rights, enabling consequences or rights, disabling consequences and and and maybe part of the difficulty is, there's there's a little bit of a tension in the text, sometimes between the more exhorted, Tory kind of version of it and more optimistic version.

G

That I think you were critiquing so I, don't know if you have anything to say about that. Thanks yeah.

D

I think that the conversation I had with Aubrey was very enlightening to me, because in some sense, when you're talking about enabling the creating technologies that enable again I think that's great and I think that the the internet did indeed enable article 19 of Human Rights by creating this global connectivity, and that was a fantastic achievement and we should all support it and I wouldn't have wanted.

D

I wouldn't have wanted policy makers or international lawyers to have any kind of a gatekeeping function over that I think the great thing about what the internet community did was they created this capability and didn't worry about the consequences. You know they just did it and and that advanced human society greatly. But whenever you create a capability, you don't really know how it's going to be used completely. It could be used by people for purposes that you don't really know and we're certainly learning it now about the Internet.

D

So in terms of the awareness of possible impacts and again you have to be modest about your ability to know, I think it's great to encourage the considerations. The aspects the awareness I have no problem with that at all, but again just be modest about the ex-ante versus ex-post problem and realize that things that you do now might actually be used in ways of just really appalled. You later.

E

Hi Bob Hinton been a little while, since we chatted last so two things the thing at the beginning where you said that the you know the Internet is basically static, so so that there's a there's a lot of truth in that, but it's not the whole truth. I mean I. Think the recent worth the ITF has been doing on.

E

You know ubiquitous encryption and privacy. I think you know, isn't. It seems very in line with human rights to make it harder for people to look at traffic. You know I mean there was there's a big tussle going on right now with TLS, with the new version of TLS as to whether how easy or hard it is for middleboxes to look at the encrypted traffic. So I mean that that's a very active discussion here. So there is still a lot of things that I think affect human rights going on here today.

E

So it's not completely static. Obviously it's the basic package. Switching architecture hasn't changed too much and the other thing I've always thought for a long time that when you design technology or in this case protocols, you are making policy decisions, you may not be quite aware of it, but what the capabilities you build in those protocols or the capabilities you don't build in effect, what can be done with them and that that's very much a policy I mean it starts from the creation of packet-switching was a giant policy.

E

You know compared to what what the telcos were doing with circuit switching at a time, and it's allowed a lot of things that you couldn't do you know it certainly made I think wiretapping. Harder is package.

E

Packets are more distributed than they used to be so you know if they're I, think policy and technology choices are not these two separate domains. There's not the policy people and then the the protocol designers. There's a lot of overlap here and I agree. It's good that when we do design, we give this some consideration. You know it's hard to know exactly how it applies, but you know it's worth thinking about.

E

Yeah.

D

I think the the. By the same token, you say that you're making policy decision. Do you want policy makers looking over your shoulders, you make those decisions or do you want to be solving, let's not even to call it solving technical problems. Do you want to be creating technical capabilities, and you want a free hand to do that? Or do you want governments and politically representation to constrain you in those in those choices.

E

My personal.

H

Answer.

E

To that is no I like to do what we think is right, but it thought they do have policy impacts.

D

Yeah I, don't doubt that they do it's just that. You probably don't know exactly what they are.

I

Kkeok Maya I have a few comments. I think it's a bit too straightforward to think like the IP revolution or internet revolution is like a radio or the free press, because we're much more flexible and I understand that on the on the lower layers, maybe the technology isn't changed that often, but when you look now at what's going on in terms of clarifications on higher layers, where also human rights most likely need protection, we're changing the architecture every few years you know ideas come in, but I think there.

I

We have always a possibility to rethink what we really want and build in capabilities that we would like to have on the policy makers. What you just said, I think they are already in the room.

I

So there's I mean you can't say: are they should stay out or whatever they are in the room, and we have so I am mainly activating other standards organizations, not so much the IETF, but we heavily reusing what the ITF is providing and I think that's practically a trend all over the world or all of standards or network standards that is done in these days is whatever the ITF standardizes is defective the thing to take for the sort of communication, so the regulators, the government's whatever they are very active in other standards, but is much more than here.

I

That's my understanding, my feeling and from that I see that the ITF has light momentum to use its capabilities to bring human rights issues, whatever issues into their protocols to make sure they are there and the other bodies simply have to live with that, at least at the moment and I think this is something we should take into consideration. We should keep in our mind that the ITF, from my perspective, can really make a difference here. Thank you.

D

Just one question: for you maybe stay at the mic for a second, so when you say the architecture changes every two years or so what what are you defining is architecture? It.

I

Depends I mean like, as you see now, when we talk about everywhere about virtualization talk about what was a big issue in this.

I

This idea of slicing the whole thing that everything moves into the cloud, so things are not anymore on the or not not only let's say on the client, these are all movements that I mean I, don't say this is something that is good for human rights or bad, but we have to rethink Human Rights on that basis right and we we really have to see.

I

How can we implement things into this movement so I that doesn't mean that, therefore, the transport layer or physical layers sort of resolved all the other problems, but at least on those levels that we currently work. We should keep our eyes open.

D

Yeah I don't have any fundamental disagreement with that I think I would just emphasize that maybe you've made a bunch of technical decision incremental ii over the last 10 years that have enabled this movement to the cloud and this movement to the cloud is going to have a number of policy competition implications that there's no way you could really design for in your protocols there. You know you need to massive levels of concentration, which requires some kind of regulatory response by antitrust or competition policy.

D

You laters, but that's not really your problem to solve, but even though it's an indirect outgrowth of your a whole series of technical decisions, I.

I

Just want to say I I understand. Did you say it's not our our task, but when you see the discussions that were, for example in when it came to TLS, this is sort of made our task, because some people want certain things that others don't want. So the maybe, if you say it's, not our task. Yes from a technical point of view, maybe, but the confrontation is brought here anyhow, so.

D

I totally agree that when it comes to TLS issue, what you're doing is saying we are designing for confidentiality, which is a classic part of the triad of information, security and I'm. All for that, the question is, you know there are going to be countervailing forces. You know, maybe the the TLS mechanisms you come up with. Well, some states will say you can't use those and they'll try to regulate their infrastructure, to prevent that others might find new ways to get around it. That's all I'm saying is that you're not settling the issue by I?

D

You know creating more secure points in in the network.

D

Last but not least, thank.

B

So much for this Milton and thanks so much for the.

D

Reference to.

B

Of beating the mic thanks so much Milton Ron I, thanks also for the reference to the movie, a requiem for a dream. I I'm I'm afraid that this now slowly starts to become a more of Inception, because I'm going to tell you to wake up from your dream and then you're going to tell me wake up from your dream. So, let's see how how matter we can get.

B

But let me go back to the last time when I thought I was awake, you know as a reference, and that was at the previous ITF and that's where we had a talk from from Dave Clark, who said are the author of the famous hustle paper and said there is a tussle, and that is something that you seem to seem to acknowledge here as well and I. Think what we've been saying in a draft. We need to make the tussle more explicit.

B

So my question would be here: what are you adding to that discussion because, as others have said, there are already policy makers here? There are already nation-states here pushing their influences with the Raven process, so you that you've seen we have also seen Wheaton of crypto standards. We've seen also the explicit request for the weakening of crypto standards.

B

We've also been other requests, so I think the that you seem to describe the policy layer as a separate layer, whereas, whereas it's integrated through the whole stack and I'm a bit surprised that you as a Science and Technology scholar haven't mentioned the concept affordances, because network and the technology always has specific characteristics which inhibits or stimulates or enables or disables a certain behavior and you're completely rights. That you cannot completely predict that, but it doesn't mean you cannot think about it, and it doesn't mean you cannot model it.

B

That doesn't mean you're going to be right or you can take that into account. In your your analysis and with the internet. There is also not so much an ex post and an ex ante, but it's a it's an ex to Dante. You know we are continuously evolving the the network and we have no idea how it's going to be used.

B

There was sudden uptick of decentralized bit BitTorrent protocols, and then it seems that distribution was going to be much stronger, but now we see a very big tendency towards centralized a on many different layers of the stack. You said it's not your problem. Well, it is our problem if that leads to a less resilient network, and so that's when we start thinking what can we do about that?

B

So I think it definitely has influence on what we do here and then your reference to the printing press and the radio I was very surprised, but also it was great because the printing press initially was embraced by the Catholic Church because then finally, they did not depend on monks to copy to copy and they could distribute and they thought. Finally, now everyone is going to have a Bible and we're going to have ultra dominance.

B

Well, it turned out differently, right and and but Bethel bred said a bit before you in 1928 was that the the promise of radio can only be fulfilled if the listeners talk back, and that is exactly what were what we're working on now with the internet.

B

So everything has specific affordances and you see different ways in which control is possible and which control is harder, so we've seen, for instance, the possibility of shortwave radio made the distribution of news much easier, but then there, of course, was jamming, but jamming was a very large economic investment to do so, you're also making it harder for people to censor the deads. Also work we're doing here and we've seen now the discussion on deck.

B

You know sni, headers, etc with also a new worker LS, which makes censorship harder, so I think there are definitely affordances there, and not just on privacy and and confidentiality. I have some more points, but I think I'll leave it with that. Well,.

D

I'm not sure what your point about the historical things are to reinforce my point that there's an ongoing struggle on the site of these technologies. The Catholic Church thought printing press was, you know they assumed we control things and but the economic affordances of the printing press. You know almost anything, make one of these things and start cranking stuff, and now you connect that to a dissident movement, Protestantism and suddenly you've got something under control, and then you start yet a more systematic institutionalized regime of press control which lasts for 200 years.

D

The same thing with brought just Brecht apparently didn't know that I guess he was thinking about only about broadcasting, but broadcasting was preceded in pioneered by you know: early 1900s hackers known as radio amateurs, and they were talking to each other. That was the whole point. They were using short waves to bounce signals, around publish contact with people all over the world and it was the radio amateurs who suddenly just got this brilliant idea of connecting their record player to their transmitter and start broadcasting music.

D

Again, you had greenly, diverse and open development of the radio. For about five years and then became institutionalized and controlled through the technical leverage of a chief by allocating and assigning radio frequencies, so I I, don't see you know how you're channeling my point.

B

So I say that there are different affordances to the different technologies, a way in which the internet is governed makes it harder, and that's also part of the later. This political is that the the process in which we can be controlled and can be influenced our difference. Then we get back to the tussle that here we can take the tussle more explicit and can seek to counterbalance it right. I.

D

Gotta say something about the tussle, so I I was there when he did this paper at the telecom policy research conference in what way about 2002, or something like that and to us that was like, oh so, the the engineers have discovered policy struggle. Well, it's like what you want to call it. That's cute that resonates with the engineers, but this is what we do. This is what we talked about for the last 200 years. This is political, so of course, there's tussles over technology.

D

Just like there's over you know, healthcare or you know other kinds of public policy considerations.

J

Allyson medkit I'm, the I work for Salesforce, RI, r, TF, chair and I, don't want. We have some time I interested to know how people at room, especially you think of the Kerala effort, that's going on about values and bias in algorithms, and there too there's a very funny ring component to the discussion and the kind of neat alliance among parties. It's not just a dominant. It's not just policy folks got folks, but also say journalists and I think there's place paid for that. The Fourth Estate here too so I thought.

J

Maybe with some comments about that. Yeah.

D

So the the algorithmic regulation issue, I, think, is simply an extension of the overall.

B

That.

D

You know you create a capability right and then you find what it does and some of the things that it does are unanticipated and whether may be bad and some of them may be fantastic, and then society starts just the abilities based on what had lurked out what happened with your first pass, and this is was a state right now. You know we had this great Google search algorithm and then we covered various ways.

D

It could be gamed or various ways in my discriminatory results, and so now people are wanting to take that was in make them more transparent and the possibility or capabilities of regulate algorithm needs to be also tempered by the the concept of you know, reward innovations. So if you develop this great algorithm, there's wonderful things, but then.

B

You have to expose.

D

It to everybody, you have no sort of intellectual property protection for it that I deterred from developing other algorithms. So there's no free lunch in terms of regulating ability. You have to be very careful how you do that. That's my perspective, I think, there's probably people here who know more about them than I. Do we haven't really focused on the out connect regular much in our research.

C

Phillip oddly I just wanted to follow up on the earlier comment about how the architect has changed. To me with a big thing, that's changing was maybe unexpected 15-20 years ago. We thought it would be we'd end up with something that was highly distributed and lots of people in there Garrard advising applications, and we actually ended up with huge economies of scale, see we sent it up with monopoly. Basically or that's the big trend. Isn't it have them not the particular application area?

C

You seem more more monopolies in terms of the technology because become so expensive to build or make making them make the chips of the Foxit office so I mean, and that must have big implications for human rights. I guess so. Yeah.

D

I, really, you may be talking about what Tim calls the cycle. I, don't know how many of you familiar.

D

In it, but it does have a very important point, which is that all of these knowledge ease go through this phase and then in the early stages. There's lots of small innovation going on it's a very free environment, and then the basic structures are discovered and works and what doesn't work discovery get some solid ation. Then you get institutionalization and some kind of ties to the government and more rigid regulation. And then maybe somebody comes along with the disruptive innovation that'sthat's equilibrium.

D

You know 10 20 years down the road, maybe 50 years down the road, for example, with a telephone system. It took a really long time to to break out of the monopolies that was formed, analog circuits, which technology in the in the 1920s.

D

So the Internet is really following this pattern in many ways, I think you're right that we we thought it's going to be completely distributed and and essentially various forms of consolidation and concentration, have occurred and are occurring and yeah and that's more economic structure than the human rights, but I believe that the economic factors actually have as much impact on freedom, the legal, the nominal.

B

The rights.

D

That it have an environment where you have a monopoly, it doesn't matter a whole lot. What your non-legal rights! Are? You really don't have many options to exercise freedom.

D

Thank.

F

You I think that's a great note to end on Thank You Milton for coming and talking about a paper that you're still working on I, really appreciate you coming in speaking to to this group about it and look forward to reading the paper when you in person any or Farzana have completed it. So thanks a lot. Okay, moving on okay, so the next thing we have is I guess you're talking about Neos your paper on well.

B

We talked about this draft in the last meeting and it was me actually setting up a structure about things we talked and then some people wanted to take it on. There is not a new version out I wanted to check in with room if anyone interested in working on whether we should pursue this further and if people are interested in working on this.

K

Stefan got me last time: I said I was interested, but in practice I didn't do anything. So if someone else wants to step in wet otherwise try to resume but don't hold your breath, I.

F

Saw one hand in the back and that's a turkey Tara Tara Kea so and that would that would be good, so we'll be in touch about how to get involved in and working on it ah don't know where else you want to go with that one. Well, that's.

B

Great that's great.

H

That's great progress.

B

So then we go to the next draft, which will be presented by she's el Affairs, OCHA she's Ella. Are you in remote room and think with yourself you? So we can put you on the screen.

L

Hi, yes,.

L

I am connecting from Mexico it's 3:30 in here. It's warm for everybody that you can fry right now, I'm, going to present later a draft that I've been working on reveals about freedom of association and Internet infrastructure.

L

Can I have that? It's then it's nicely perfect, so we can read about is the last session.

L

The objective was to document form self assembly and Association that in protests that did not have a negative impact on.

D

The Internet infrastructure.

L

This started like thought out like that, because apparently there's a consensus. The eight human rights were tokens considerations. Research group, the denial of service attacks- are no to be promoted by the ietf because they damage the intern architecture. So we were wondering how this does the internet architecture enable and or inhibit freedom of association assembly, including protists, that is encompassed by this right, along with many other rights like freedom of speech and even privacy, so very quickly. The difference between assembly and Association.

L

It's just a question of a matter of degree and assembly rather temporary and as an association is a bit more formal and less of humours.

L

While we were working through this, we can very, we came.

D

Up with a very interesting concept,.

L

That was the concept of forest association that has echoes with the internet architecture itself, because these rights are envisioned as freedoms, which means that nobody is supposed to be forced to join a group or, if even forced, to leave a group. It's just a freedom. You can either join or leave whatever group you choose either temporary or permanent.

L

Also another thing that we've been discussing, we haven't quite reached consensus and it would be super interesting to see when you think is. If the internet itself was an association and assembly or an association, let's just treated as synonyms right now, because if it is, it should be protected by these rights, and that has other impacts on, let's say, other kinds of networks right. So if the Internet is the network, an association and an SM, we are also essentially networks.

L

So we were wondering- and we're still wondering if this is something that we can definitely assert next, please well, just as a side note, the IETF is an assembly. We could even consider an association, even though not in an association doesn't have to be a corporation or it doesn't even have to be legally constructed. It can just be a bit more formal and a bit more more permanent and RFC 3233 defines the IETF said: an open global community of network designers operator, vendors and researchers.

L

So, in this sense, IETF is definitely an assembly Association protected by these rights. Next, please, even the mere discussion of RFC's would not be possible. Without these human rights and justice, an historical side know the work protocol find its way into language. Is computer networking because of this need of collective agreement.

L

Next, please, so we mapped out a bunch of cases and examples, but I really want to emphasize the difference between free association and forced Association, because I think it's one of the most interesting ones that we've been able to come up with, starting by the text of the ICCPR on the UDHR and then taking it to the internet architecture and see how it won, impacts the other and how the text impacts could be interpreted in terms of inner architecture. So free association, it's very easy. Let's just think about mailing lists.

L

You join a mailing list, you're tired of mailing lists. You just unsubscribe the peer-to-peer preppy protocol. It's also a an association and assembly issue because it allows for collective collaboration. Ideally, it would be without the need for centralized servers and but there's very different models of that, and this took us to a next question that I will talk in a couple of talk about in a couple of minutes and then the issue of forced Association, we're thinking about denial of service attacks. As I said, there's, apparently a consensus within the human rights protocol considerations.

L

Research group that there's some denial of service attacks that are legitimate, there's some that are not, but the IETF should not be making those distinctions in terms of content. That's from free speech, free speech perspective, but taken from an association and assembly right perspective. We can we ask ourselves two things. First, if the denial of services attacks.

L

Putting race the entire internet architecture so to speak. Could this be an illegitimate form of association because they, and given that the Internet, it's an association itself, if we are able to concede that if we put at risk the Internet as an association? Could that be an illegitimate association form that should not be promoted? In terms of like your architecture? That's one question, and then the other must be taken into consideration.

L

That DDoS attacks are also a form of forced assembly and Association, because some most times, and sometimes they are done without the agreement or even the knowledge of the in both parts and the Internet of Things, has brought interesting discussions regarding that with ISPs. The logic of forced Association is the same because infinite user, the edge user, needs to accept the policies and practices of the edge networks that provides access to other networks, like for the user, to connect to join the assembly of the network of networks of the internet.

L

If we are ready to concede that they always have to connect through an intermediary and while connected to an intermediary. Well, not always that, let's just save most of the time while connecting through the intermediary, they have their first to accept the policies, practices and principles of this network. So can we say that internet connection, thrice peace, is a form of force Association?

L

Next, please, we've also been discussing which model is better for freedom of assembly and Association, centralized or decentralized, and why both things have to seem to have their pros and cons the centralized models they protect anonymity and privacy. They are usually more resilient networks and more resistant to censorship mechanisms, but also centralized structures have enabled people to group together to identify each other better. They recognizable places more visible and also in some some other cases.

L

They enable for quicker interactions and even dissemination of information. So can we say one is better than the other? Yes, no, and why I'd love to think I'd love to hear out what you what you think on that next, please so, just a quick set of preliminary conclusions. The Internet does have does impact the ability for people to exercise their right to freedom of assembly and association, and then can we think and assert that the Internet itself is a form of Association and assembly and therefore it should be protected as such.

L

This would be very interesting because of the consequences, the legal consequences it would have and as I was saying, the consequences it might have and other networks and then to get access to the Internet. One could argue: one is caught in the First Assembly with the access network next piece.

L

That's it comments, are we missing something? Did we mess something up or anything like that? Thank you very much.

M

Oh.

L

Interesting.

L

Tower looking right.

M

Yes, so because, but never.

M

From freedom, so I was.

L

So essentially, the arts.

L

Then, of course, you would have the right to not be part of that Association.

L

Right I mean that's where my right now, but it's super super interesting, but mourner unique from other rights perspective. We can also build on the right to be fine and.

L

Totally level, for example, if you could get the lease today range from.

L

Your.

L

Burning, can you actually.

L

You.

B

Boss protests, then what would it be? So that was actually the the origin story of the draft.

N

But I think if there may be value in whether it's this draft or just a two-page document that says even the people taking part in this research group have been convinced that yes, DDoS is just an attack and nothing else that I think might be useful.

B

Thanks so much Gisella thanks so much for calling in from from Mexico and for for staying up I.

B

We don't hear you anymore.

B

Our kind of lost in space now, but at least at me it was nice for what it lasted.

B

Okay yeah, so we lost audio, but thanks so much easily. So we continue with the next draft which I'd like to ask Andrew Sullivan to to come forward.

G

Hi there oh I, even get to drive. My name is Andrew Sullivan and I'm here to talk a little bit about a draft that Neil's and I put together, but I hope that mostly I won't talk and you all again tell us how wrong we are.

G

So I just want to give a quick outline of what this thing is about and what we've described in here and some issues that have already come up in discussion on the list and then we can maybe have some discussion here. So some of you will remember that I was one of the critics of this claim that protocols are political, that was in the HR PC research document, and there was some back-and-forth about it and I think the document ended up a little bit weaker than it had been, but also on it.

G

You know some of those claims are still in there and I think that there's been some some discussion about it. So we wanted to understand. Nielson I wanted to understand what the possible positions are about this and then try to distinguish among them. So at least we could understand them and then maybe and I think he's more optimistic about this than I am. But maybe we could answer whether there really is a political dimension automatically to two protocols, and so we've got some described positions.

G

The first one is just this value neutral position, which is, which is a position that certain it has a very old tradition. But there are people who who continue to think this today. So the values are all.

G

Analogies here with mass media development or traffic or dams and rivers, that kind of thing where, where they change the world and they make the world different, there is some say: there's been some suggestion. Actually that because of this, we've got some category mistakes in in the document that some things are are not in this category. That should be, or maybe there are some things in this category that should be in the next one.

G

The the last of these positions is that the protocols are inherently political, so this is the position that was controversial before, and so obviously we were trying to make it as clear as possible here uh and- and this is the one and I think you know- Bob- was sort of suggesting this earlier at the microphone. I think this is something that Neil's believes that the protocols are. Fundamentally, you know politics by other means you're making decisions and you're making political decisions.

G

Fundamentally, there is some some people read the postman things, there's there's a bunch of stuff from Neil postman in here, and some people read postman actually to say the previous category of stuff. I I don't know what postman says a lot of the time, so I'm not I'm, not too keen on on on adjudicating that dispute. In any case, those are the positions that we were trying to to outline.

G

Now we identified some some issues in the zero-zero we hadn't defined politics or political, and it seemed that there were a number of cases where we were stumbling over that so the zero one that's already out, but probably you haven't read it- has attempted to to give a definition of that. This is the working one and it's there on the screen or you can read it on your own screens later if you would like on, but it seemed pretty obvious that this this draft is gonna, go absolutely nowhere.

G

If we don't, if we don't come up with some definition here so so we've done that there are some other examples that people sent to us feedback that we should include. We didn't include the Raven process, but I guess we probably better. Maybe we need some more discussion of RFC 69 73. Maybe there are some other cases. So if you have some other cases that we ought to be looking at, we are keen to hear about them.

G

Eliot leer had a really interesting set of remarks about how the document says. The ietf is not the protocol police and, of course, it is true that we can't go out and force people to use our protocols or anything like that. But there is a little thing here right, so we're quite aggressive actually about about our IP. Our rules, the the ITF, is extraordinarily strict about what you may and may not do so much.

G

So in fact, that you know authors of documents that are being published in the ITF can't put them under different under different terms. They have to go into the IETF terms. They can put that they can put the document the same document under other terms somewhere else, but they can't publish them as an RFC.

G

This has come up several times because people wanted, to put you know a Creative Commons licenses on things and so on, and it's not allowed and the reason for that is because the ITF s-- IP our position is that it wants to control derivative works so that some other standards organization can't come along swallow the thing up and then close it. You know with with a change or something like that, so that there's there's a practical reason for this.

G

Well, that's a kind of protocol policing right that what that is, is an attempt to enforce certain kinds of abilities of other people to do stuff with the work product of the ITF. So so, depending on how you interpret protocol police, there's a potential thing here and I think we're gonna work a little bit harder to to tease this out some more I think in the in the document: it's not there yet, but it it would be interesting. There was also this other question about a single vendor.

G

End-To-End thing like is that a different political kind of situation? We have a lot of these now right. There's a lot of stuff deployed on the internet very widely deployed on the internet, that is end-to-end controlled by a single vendor and and maybe that changes that changes something about it. So we want to investigate that okay, so these are the questions that we have anyway.

G

First of all, whether if this is at all useful or maybe it's just useless and we can stop um if, if we updated this, you know, would we get any more reviews? Also, we want to know if people think this is actively harmful, because there's lots of stuff that you know you can write down that you shouldn't and obviously there's probably stuff, we've missed so I invite you to tell us what we've done well or badly I think that's it right. Yeah.

H

Okay, I.

G

Think.

H

Oh, this is Shanker well I. Think. Certainly you have expressed a number of concerns several times throughout this research group and I. Think there can't be anything wrong with writing them down in a structured format like this and making them more clear, so I think if nothing else the process of writing. The document I hope is helpful for people observers.

D

Like.

H

Me, who often didn't follow the discussion between our philosophers up at the front there. So now, whether or not that means it actually needs to be moved forward into a document. I can't say I think there's no harm, especially in a research group of publishing it as it as an RFC.

K

Stefan-Boltzmann speaking, why I have to concern with the we see a draft one is that it seems there was a lot of overlap with HTTP at LPC research draft, because it's our protocols, political, is already is a basic question of the research draft. Maybe one way to solve this overlap would be to focus on explaining to people, because the research draft is very harder to read. It's a lot of things, a lot of discussion, so maybe your short draft focusing on the ordinary IETF participant and explaining why?

K

What is the discussion about our protocols? Political could be useful because in the current state, it's not clear of what is the purpose of the AAPC political draft on? The second concern is the section on the voluntary standards.

K

It's not clear for me it if it refers to volume 2 in the elaboration in the creation of standards, the IETF work is done by volunteers, a sort of thing, oh, is it about adoption and implementation of stand on by the rest of the world, which is when we created the standard with people have to deploy it or not, which is the older question of protocol police? So it seems to me that the current section 9 completely mix the two things. Okay, thank you.

I

Thank you admire speaking I. Think on the protocol. Police I would think we you could extend it so far as I understand you say it's about IPRs and who creates and owns the protocol. But the ownership, in fact also includes, if you how you can extend the protocol and we had issues in the past practically from an outside body.

I

We wanted to to extend the protocol at the ITF said no for technical reasons, nothing to do with human rights or politically reasons, but I think it shows that the owner of a protocol has a certain power over what can be really done with it and where it can be applied, and that is something that it's not just in the beginning, but also in the evolvement of the protocol and maybe also when it comes to evolution into a new protocol, because if you do something today and then a new generation is needed, everybody will look into this room and say what do they have to say right?

I

So that's maybe also something you want to act there. So this.

G

Is very interesting but I could you say a little more about about the cases where somebody wants to extend it and, and the ITF says says in effect no I I mean I can think of some examples of that, but some of them are more controversial than others. So it's.

I

A little more I mean if we I'm I work with 3gpp right. So when we came in the beginning and wanted to do practically the circuit switch network with SIP, then there was a lot of controversy. Saying practically SIP is not meant for that.

I

We were able I think to 99% of these cases to resolve one way or the other. Some things like charging, lawful interception and so on. They will stay problematic and always ray give phrase for discussion, but I mean we have a way of of resolving that and I'm don't wanna touch whether this is good or not. I just say the fact that the IDF forced us to practically delay our work for quite a while shows how powerful the IDF is.

I

At that point, it was painful for us in the work that you want to undergo here. It might be a factor that could be used in a positive manner. The other thing that came to my mind, I, was I, didn't say that before was when we talk about such things, is it and really still the protocol or is it not more the protocol and who does the protocol?

I

So there are two things that can evolve right: the technically things that are written down and the group of people that governs it right, not sure if this is addressed in the draft I.

G

Think it's very weak right now and I think that that's a that's a that's an important point that I think is a little bit obscure right now. Thank.

I

You very much.

M

Hello Cara. Okay, thank you for the presentation. I wanted to challenge the notion that technology is valuing neutral. I. Think you cannot. You cannot. Technology drives its values from its users, so these values also applied to technology itself.

M

One one way like one way, I like to illustrate this, is like using the concept of like muscles hammer. So if the only tool you have is a hammer, then all your problems start to look like nails and so I think like that, that's one way the investor. It's why it's important! You cannot only consider technology by itself also consider it's the whole set of its users when determine its value think sit.

G

But but you're not you're, not disputing that there are people who think that the technology is neutral and all of those values are actually in the humans. I think those people are wrong. Yeah, yeah, III think the I think the extreme position in the other direction is wrong, but I lay it out. So, okay, thanks.

F

Alfred aureus, speaking personally, I think it's actually very useful to be working this out and I think it's especially useful at this point to sort of work out that whole notion of protocol police, which is some we talk about frequently, which is police of the protocol as a protocol versus police of how the protocols are used, where one is indeed the case and and the other is it so I think it's very good, because that that conversation is always somewhat ambiguous and defining it and getting past that ambiguity.

F

It is a good thing, ah so I think if it were just for that it would be worth it because that is a conversation that needs to be had in understood. So thanks.

N

Icing problem yeah I'm, not at all sure if this is useful.

N

So there I can see that there are two dip, those kind of more and we're. Looking at more outward looking scopes that that that's a fair point, I think but I'm not care about I did up images, work to try and document by this there might be and I think you know the discussion would be irresistible.

N

So maybe this is one where you guys are still willing to push it along, then see where it goes, and it's a yeah I mean I would be concerned that you what you said basically, but there are some things that are better, not written down. Sometimes.

G

Right so so then I guess the question that I would have is is what would you say to Stefan's point before that the research document is actually you know it? It tends. It's got all the survey, the literature and all the rest of it in it, and so for a lot of sort of IETF participants, it's a little opaque, and so maybe this is a the you know. The quick and dirty guide to aimless thinking about this or something yeah.

O

No.

N

I'm not saying I'm, not saying I'm anti decide, say: I, just don't know you know, I mean I, don't know if you can kind of lay out or you know the various positions different people have been aware. It's understandable that the ITF community and still short and understandable to the idea community right and I'm fairly clear that I, don't think you want to kind of pick one and say this is a this is the right answer. Yeah.

G

I'm not too sanguine about the possibility about myself right so so.

N

If the John I'm also not.

G

Convinced I'm also not sure that the ietf community really wants an introduction to Heidegger.

G

We.

P

Have you for that right.

B

Shortly speaking to the overlap on between the research draft and this draft, I think that they claim that we work out in the research draft is that protocols have an impact on human rights, which is a very different claim than politics are political. So you can say yes, Human Rights are political, but that doesn't make it the same and I think. What we do here is that we dive it's in a similar way, as we do with the Association draft.

B

Is that we look much closer, so we zoom in deeper and we analyze the case further. So the research draft was kind of seeing where this research area makes sense at all and come up with guidelines, and now we're like at a next iteration to try to understand what are the specific problems?

B

Did the initial guidelines make sense and what are the ways to approaching and documenting this, and because this is a topic that comes back and again and again and again on on the list and in discussions it is very nice I have a shorthand to say. Yes, we talked about that. Let's have a look.

N

In probably yeah yeah- and you know- maybe this is something that would be better as a academic publication and then, when that's the kind of done thing to try and reflect that in a in and I into the platform as the ITF, you might be better that that analysis is not trashed out in the typical kind of a RTF, IETF style, I'm, not sure I'm not arguing to not do this, but I, just not sure it's useful.

G

So this has been helpful to me my my conclusion from what I've is that at least one more iteration of this would be helpful, and at that point we can decide whether any further work is useful, so I think I think we'll have another go-around. Thank you.

B

So here we get to the presentation of the hackathon HTTP status code 451 and there we have the combination of two of line presenters and an online presenter, olga cruz de leyva, al poker. Please come ahead and stand in the purple box and is meet echo working again and if so Siobhan, can you put yourself in the queue? So we have you on the screen.

H

There Siobhan.

B

Great to have you there meter, how can we have Siobhan Largent's been great good to see you there I will give the controls to help and I'm sure among you, three of us among the three of you, you can make it work.

Q

So I can tell that some of you are quite interested in implementation, as well as the policy and perhaps you've been waiting for a bit to see how these things play out. So we're going to look at some of the things we've done to monitor and track the success and the implementation of RFC seven seven to five. So that's the HTS code, four five one. So we were at the hackathon and we got the implementation, so I mapped oka.

Q

This is all go kristef aber, and so this is what we're, what we're doing the hackathon we, which got the best new work, so it went quite well and at the hackathon we built tools that basically track that they crawl and detect set case of censorship online. So it was a matter of really trying to see if this RFC is in use its deployed its way of declaring incidence of legally without content online.

Q

So it's also quite a diverse participation from groups that you may not see in other spaces and working groups, because it's represented by civil society and I. Suppose part of the goal is to bridge the gap between policy and tech, so I think that she been wanting to maybe look at some of the implementation. Is that right?

Q

Okay,.

Q

Okay, so the purpose like I said it's three to add some transparency, improve tracking and also to understand how how the implement, if it can be implemented if the specs commitment said and used in practice and what flaws there are. So you find that HB 403, for example, isn't isn't necessary suitable for this kind of task.

Q

So the implementations there were I think five, five six invitations. In total there was a crawler which scans the web WordPress plugin, which implements the actual status quo and daemon that collects all the data and centralizes it. The block, collector and a browser extension, a chrome, Chrome extension that allows users to report incidents that they detect online as they browse and also an alternative Prada which validated some of the standards or.

Q

What's on the specs, we built to really relay a censorship data in JSON, so part of the goals also to build a standard well at the beginning of a perhaps a description of incidents where or observations of, blocked contents.

B

No.

O

So yeah.

O

So.

O

Yeah.

O

So this is an alternative college to the one please and it's okay, yeah.

O

Yeah.

O

Is.

O

What the current.

O

Use the description of.

O

Most.

O

And if you have a suggestion, David, perhaps really potentially useful and also documenting a common description that she liked about happening, but also be useful for the last part of the report.

O

We talks about revision framework and we did some case studies on little junkies different ways in which, and so we saw that geo blocking the IP address- is pretty common keeping forms of freedom of expression, laws way or gradually expanding them over the years also happens frequently Ice Cube, locking is pretty common in Iran and India and in the US legal blocking in case of upgrade law takes the form of notice in takedown.

O

So to summarize, the status code is useful way of providing information about a legal dog, but standardization work needs to have needs to be done before you can see widespread usage yeah. That's it for me,.

R

And in the draft we try to consider all of these that you can see in the screen and talk about what possible implications that is called four five one can have and.

D

I.

R

Guess there are a couple that are more relevant than others or more concerning than others, and so one of them was privacy, privacy and anonymity, because, like the, if the user tries to access the website a web page, that is blocked the he or she often would get a four five one response, but then would get redirected so that could include potential privacy breaches and it it can mean that the user can be identified. The same is because the four five one is cached by definition, so there is a trace of that.

R

The user tried to access blog content on his computer. So if the computer is lost like it's possible to retrieve this information and also the observers of the network have access to to see who try to access the blocked content, so those are some of the biggest concerns and in terms of censorship, it's it's a great tool of censorship, monitoring. It doesn't solve the problem of censorship and we make we want to make it to a point that it's not it's, not okay, to censor using four five one, because it's not okay to censor point.

R

So it's not a way to make censorship more ethical. More than anything, it's just a way for for the user to sort of see why they cannot access certain content because, as we mentioned in the draft, the response should include the legislation like the link to why which lies applied and why the content is blocked and also who made the decision where there was a court decision or which governmental body actually asked for the content to be blocked. So I guess.

R

We would like to try to run the crawler in different countries and to see what content is blocked. We did it. We did a short small.

A

Test run.

R

And read it in Turkey and some LGBT content appear to be blocked using four by one, and so we are currently working on running it in Russia and potentially there are more countries where we would like to try it in to sort of, monitor and measure censorship and yeah, we'll gladly share them with you and the next item. It is.

Q

Worth noting one of the outcomes from from all of this, that's I think it's worth noting is that the language is the way we think about this change slightly over the course of the work we did and we found that there's maybe less of a desire to encourage the adoption of 4-5-1 but more to actually track it there's a risk that you might end up actually sanctioning these acts of micro censorship, instead of making them more transparent.

Q

So there's always balance to be had between you know, encouraging a a standard and and putting it out there so that people can use it when they need it. So that might be one of the things that that's needing clarification, perhaps in a revision. So we do have a few resources here that you can look at there's the code on lining it up and there's a live demo as well at net box, org, slash dashboard, which is an outcome of this work.

F

Thank you. Are there any questions? Anybody at the mic, I, don't see anybody at the mic. Anybody heading to the mic: okay,.

S

Spoon uniting speaking I just try to understand this thing: I wrecked the RFC just right now, and what I'm wondering is understand that also intermediaries, like providers, could be ending out this kind of four five farm code to block content on behalf of government or whatever, and are there any considerations if HTTP is used or the NSA kiss use? There is kind of thing, doesn't work anymore, so well, if they already means on consideration. If, yes, what will be.

Q

So it is possible to inject a 4-5-1 page in a ISP intercepted page page load, HTTP resource code. If it's not encrypted, like you say, with TLS HTTP, there's a separate set of problems. The content isn't visible to the intercepting party at the moment for five one use is really envisioned for used by the entity from which the legal block has been requested is the actual publisher which which restricts its own content.

Q

So, yes, there is desire in cases where authorities used block pages already to have them delivered with a 4-5-1 status code, but realistically, there's no desire or plan to put this in any way in terms of intercepting HTTP content. I think in that case, it's completely up to the it's completely up to the publisher on how to do that, or whether to do that and.

D

I think.

Q

Personating that's the way it should be, and that's certainly how the RFC is at the moment, I'll.

S

Just read: I'm not like defending like what's going to happen with blocking in the implement. I just see these problems now whereby in fighting against blocking.

N

It's just a question: I think you kind of mentioned it is that there's you know if people start using this and then you go off and measure it in some sense that could distance end people from using it because then they you've measured it. You might report on that right and have you thought about kind of ways of collating results are not anonymizing them necessarily, but maybe you've done this already of reporting out in regional or functional or some aspects of what's worked without necessarily calling out the person who's publishing before five one.

Q

Yes, we started to look at this and one of the ideas we have is to use the IP anonymization IP address' anonymization work, that's going on at the moment where we can choose a kay-kay sample to create a more anonymous grouping or because we don't want to provide the actual I physical IP address, but we do want to give an idea of which hands which regions are impacted. So in terms of monitoring, these are questions that we're looking at and we need to answer these questions so that we can publish actual useful data.

Q

But you know in the time given so far, we haven't really done a analyzation or geo implementation. At the moment, yeah.

N

I guess there is because I know it's a networking context. It's a natural thing to go and yeah do some kind of surveying and or use that map or something and then publish traces may be anonymized something. But in this case, if you publish the urls that you find that's not so good, that's.

Q

Another problem I mean one of the ideas we had before is maybe to put the URL in a image, but that also has accessibility issues and one of the other ideas we have is in the protocol, perhaps to encode the URL so that it's not in clear-text, so there's a risk. If you have a list of all these as blocked sites, then crawlers are going to consider your your own site, which hosts the transparency report as a dangerous site.

Q

So in our current protocol we do specify and encoded an encoding of URLs, which I think all implementations have switched to at the moment. So the probiotic of the 4.1 URLs are actually um base64 encoded in the current spec of the vertical. Simply so, they're not visible, and they don't become a problem to people passing around the data. Okay,.

N

So that's one thing is just going to accidentally mistaking this for the resource that is, but that is censored.

Q

Or even just clicking on it in your editor, you find text. Editors have feature you think.

N

Yeah I'm: okay, thanks thanks.

F

And close the queue.

A

Okay,.

T

um I want to add that this is really dangerous. What we do.

T

Let's say: I'm part of the fight against Internet censorship since many years and we're trying to organize you know if this is just joke 4-5-1 and then it can be used as form of protest right in the internet. So if, if they force you to remove something, you put a 4-5-1 on it and as a protest, a sign of protest that this should not be right and on the other side, if we start to take serious, then we are kind of like it amazing the end of freedom of speech.

T

You know so we're kind of organizing a measure where, where the enemies of freedom of speech can say well, we just goodbye- and so I just want to put the morning here on the table that this can be really dangerous. If we take it too serious, this very special hour see.

R

Well, thank you for your comment. I think we're aware of this I guess. The idea behind it is that they are already doing it and, for example, in Russia 4-5-1 is used a lot by because there are different laws that are regulating internet. There is the law about bloggers, being distributors of mass information, and so, if you don't register in a certain registar, your site can get blocked, and so there are various laws that are for a like a citizen who is not very much into tech. It's like okay, it's blocked by law.

R

Then it's it's sort of a valid reason for blocking. You know what I mean.

R

So if you don't know what the law is about exactly and that a law is actually kind of a censorship law, you might think that whatever yeah there is a reason, because also and I guess it's worth mentioning that some of this content is like pornography or online gaming, which can like I mean censorship, is a I guess we have to define it as well, because it's a very you know like the line, is the thin line between censorship and what's not censorship, so I guess we have to distinguish in-between that, but it's it's a way, I guess of measuring something that already exists rather than encouraging compliance with the status code.

R

Okay,.

T

Maybe I should add, then, as an answer on what you said. Maybe the view in Russia can be very different from what I said. I don't know the situation there. I can talk about the view in Germany, where we have a really fighting internet censorship and it's really a tough one because they really wanted the government wants it and it's also a discussion even in Switzerland, you know known as free country again we have internet censorship on the table politically and and there is where I was commenting. Okay, thank.

F

You um I I had closed the queue. We've got four minutes left. So really it's a discussion to take to the to the list and because I have a feeling it's gonna go on for a bit but sorry but I had I had asked to close. Thank you. Thank you very much, and hopefully we could continue the discussion on the list and.

B

From what I've heard, there's a good chance that there will be a hackathon on this again in Singapore.

F

So really good thing to discuss on the list: okay, just a quick update on the status since the last time. Draft irth RPC research has gone through the IR s, G review and I guess it is just about to go into the is G conflict check and I on a review, but Allison is coming to the microphone. So can we.

J

Straight to be completely clear, I was I at any time. You tell me to do it. I, like.

F

I have already right.

J

Yeah.

F

Okay,.

J

All right also thank.

F

You yes, no throughout this week, nothing new came up that needed to be, and even through today's meeting, nothing came up that needed to be changed, so I think we're fine. Thank you, RFC ahead. Okay, thank you very much whoo and with only two minutes left I. Don't know that. There's a lot of time for open discussion of the drafts papers and ideas, so I would just like to say that submit them to the list and we'll get them talking. Did anybody have a quick something they wanted to say like?

F

There is my paper on blah and you should all check it out. If not, please use the list. It's got some discussion on it. Sometimes it could use a bunch more and with that, there's an open mic for a whole minute and a half out.

B

Also, the co-chairs I think would also really appreciate input on that that we change their formats made the meeting a bit longer. It had a longer talk, so a comments on that. Whether it was good bad should do it differently at the mic or afterwards would be great, because we did.

F

Change it because there were comments last time, so we want to see if we did the right thing and changing it at this point, seeing nobody at the mic and nobody with anything to say, I guess we had a whole minute extra. That I could have let people talk earlier, but thank you and thanks for coming, even though there was a bunch of other good stuff going on. At the same time, please be active on the list. Please come up with new drafts, Thanks Oh.

F

Does anybody still need to sign the blue? Please.

B

Do so so then we get a room again next time.

A

You.