Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / IETF 115 / 11 Nov 2022
Internet Engineering Task Force / IETF 115 / 11 Nov 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF115-HRPC-20221111-0930

Description

HRPC meeting session at IETF115
2022/11/11 0930

https://datatracker.ietf.org/meeting/115/proceedings/

A

Hi everyone uh we're going to get started soon, but just in the meantime a reminder that you should scan that QR code and get in the meet echo system. So you can put yourself in the queue, um also a reminder to wear a mask and just give us a minute. While we set up.

A

Thank you.

A

Oh um downstairs at the registration, but.

B

I can go.

B

Thank.

A

You.

A

I'm, just gonna notify I, don't know meat Echo, but we, some of the slides we had uploaded, are not yet visible, not really sure how to refresh that. But we've got a few minutes before that's an issue.

A

Okay, I see it now cool. Thank you. It works it's so funny because this shows it, but when I go to share pre-loaded slides, it doesn't show us. That's probably fine, see they're. Only these three isn't that strange, yeah yeah.

A

Okay, yeah sorry I'm, just speaking to the meet Echo folks, we've got the slides um that we need in the uh materials list, but then, when I go to share them, decks ready to be shared only has three of the five three of the five we've just had a recent upload in the last few minutes, but um yeah see, there's a difference between data tracker meeting materials and decks ready to be shared.

A

Colin's fixing everything right now. Thank you, Colin got it. That is fantastic. Thank you. Okay, we're back on track, folks, we're going to get started um and really the um stick to get off this window. Okay, um we're all set I'm, just gonna, pull up, chair, slides and we'll go ahead.

A

So this is the human rights protocol considerations, research group: um this is a two-hour session. We have a two invited talks and um some pre -loaded aob, um and so this is our agenda.

A

Do folks have comments on this agenda at all? Would you like to add yourself to aob?

A

Actually, this is not accurate. We do have another update on a on a draft, so Sophia isn't here, but I know she wants to be on the agenda later for some of her work.

A

Other things all right um so in um in that vein, I'll also just remind folks that this is being recorded.

A

I'll again remind you to scan the QR code so that you can get into the meat Echo System put yourself on the Queue when there's time for questions and discussion, and also my last order of business at the beginning is to ask if anybody would mind taking notes during the discussion, this will be not capturing the talks, but rather capturing the discussion. After the talks and discussion about our drafts can I get a volunteer.

A

Thank you thanks. Very much Michaela appreciate you all right so just in um in the introduction. I have to also remind you of the note. Well, you've maybe seen this a lot, but for those of you that have just come today, it's important that you disclose any intellectual property interests when you're speaking at the ietf and the irtf.

A

um We also have a privacy and code of conduct in our note. Well, that's really important. If you haven't read that or aren't familiar with it, you should re-familiarize yourself um and so also I wanted to remind us of the goals of the irtf, because this research group is within that. So we're focusing on the long-term issues. Specifically This research group is looking at the human rights considerations of um internet protocols and the standardization of those and and we aren't setting standards.

A

uh We really are um publishing informational or experimental documents, um but a lot of it is just discussion and talks, which I think is a really valuable, Converse contribution to the community, and so we're chartered to research specifically um how internet protocols could both strengthen or threaten human rights, and we use their two main documents that we rely on to Define human rights. That's the universal Declaration of Human Rights um and then that's also the international civil and political Rights Convention.

A

We've continuously begun, like discussed um two rights for the most part. It's freedom of expression. Freedom of assembly privacy is, of course, also a human right, but that is in a different research group. Siobhan is in the room. He knows, there's plenty of overlap between our research groups. That's a good thing.

A

And then I think also another wonderful thing about our objectives. Is we bring folks first in human rights into this space to also hope that there's pollination cross-pollination and the other reduction, where they become also more familiar with the technical community and the inner workings of the ietf foreign?

A

We do have some drafts we're going to go over them. We have some published rfcs.

A

um There are other outputs, I, think that are less easy to quantify, but tend to be around sharing information, publishing blogs that sort of thing, but you really have to sort of follow the folks of us that have been busy in this group for a long time, I'm wondering if aubry's in the room I see Aubry online she's, not the previous co-chair of this, and does a lot of that as well um so work to date.

A

um We you know: we've been chartered since 2015., um there's a film online that you can check out um and then we've had our major work published RFC 8280, which is really lays out all of the human rights considerations um and we're currently working on a document. That's near publication! Well, it's in it's further in the publication queue um each and every meeting that sort of takes 8280 and distills it down into a sort of more bite-sized work.

A

I would also say that the work to date I'm, including all the talks, the invited talks, we've had the meetings we've held. We've held approximately 23 meetings, which is quite a few at this point um and I'm just approximating, because I haven't actually counted, but we've we usually have about two. Sometimes three talks per meeting, so we've had 50 invited talks on a variety of different topics.

A

um There's a lot of discussion about censorship, which is going to be a one that we will hear about today: um privacy and encryption, various forms of digital security measures or considerations for groups that are at risk and most marginalized variety of emerging Technologies, including blockchain, based things and um environmental sustainability. There's probably things I'm missing, but I just tried to off the cuff remind like remember what we've talked about in the past.

A

We have two current drafts, um we'll hear about both of them today. The updates on those they've both progressed since the 114 meeting in Philadelphia. This is what I mentioned before the guidelines for human rights. Protocol considerations is a companion document to RFC 8280, and then we have a um a specific draft on free association.

A

um And then this is for later so we'll get back to these slides I'm going to first.

A

Have us pause there's an important um piece of the agenda right now, I'm going to ask Tara to come on. If you can.

A

To explain the context here, but this is a sort of last minute addition to our agenda that we're putting at the front because I think it's an important reminder for folks in this space, so Tara I'm just going to hand the mic to you at this point.

C

Thank you, Mallory um yeah. Thank you for um holding this space to talk about uh Allah and his in his mind of freedom um in his own words. First and foremost was uh there is a free and open source developer He's a Part. It was an important part of our technical community, he's also a writer a tireless Advocate and activist with people's rights, and also for many.

C

He was one of the symbols of the twenties of an Egyptian revolution um last but not least, he's a beloved colleague friend and member to many and a loving father to his son khadid, who has been deprived from him as he spent most of the nine last nine years.

C

As a Prisoner of Conscious I know it's a special person, but his situation unfortunately, is far from special thousands of people, language in Egyptian prisons, unfairly, with no access to lawyers tried under martial courts and trumped up charges, many just for being in the wrong place at the wrong time, tens more dying because of terrible conditions in these prisons. In fact, a large crime was sharing a social media post about one of those stories.

C

Furthermore,.

D

His lawyer.

C

Was also arrested when he went to attend one of Allah's interrogations. Allah was tried under a State security Court, which is a martial Court, while that was the official.

E

Reason Allah.

C

Is in prison, Allah is also being punished for who he is as a symbol for many and for being someone who always advocates for justice, even when it's not convenient easy or popular um I think as a way in order to deter others from standing up to tyranny and in a way to teach him a lesson.

C

Allah is also father and a friend who has paid a big price for his activism.

C

The past nine years, with almost no sign of improvement or recourse to Justice and I, went on a limited, limited calorie strike earlier this year and escalated to a full hunger strike at the beginning of the cop 27 U.N climate Forum at the beginning of this week and I did this because he wants to live with his family friends and his son, and also because, if he were to become a symbol or a lesson, he wanted to do it on his own terms and teach the lesson he wants to teach um in many ways.

C

Allah has already won his fight. He exposed the Tyranny and Injustice he and thousands of others are are facing by the Egyptian government and helped share their stories uh of the thousands and prisons on a global platform.

C

He highlighted the empty Planet attitudes of our world leaders and their timidness to take any action, let alone on climate change.

C

He also mobilized and gave hope energy and urgency to hundreds and thousands of people who share his desire for a better world, unlocking new avenues of solidarity and Global mobilization all from his prison cell and highlighted the importance of the human rights as a Cornerstone of human progress.

C

Allah is doing what Allah does best he's fighting to save us with all the means at his disposal. What it means to be seen is what price he has to pay and whether we can save him back to give him a chance at living his life again.

C

We have heard no news from him since he went on his full hunger strike. The Egyptian government is not giving access to his lawyers or um his legal comes. Is his Consular access since he's also a British Citizen, and we have not heard any news. The only news we've heard is that there's a fear that he's currently being force-fed, which is considered a form of torture.

C

At this stage, I would have loved to have like a call of action for you of any sort in order to help um ask for your help and and not as struggle for freedom, but unfortunately, like the options seem very limited at this stage. I would ask maybe that you um look for the freedom for Allah page on Twitter or and follow like whatever actions they propose there at the moment.

C

um In the meantime, I thought the best way to.

C

um The best way to.

D

Celebrate.

C

Allah at this point was to share some of his words because I think like as someone who is really passionate for technology uh new technology and as someone who's also equally passionate about human rights. He would have appreciated the work of this group and would love to have critically engaged with it.

C

So I'm sharing some of the words that he wrote that might be relevant to the work of of this group that I found um in this article written in 2016 Allah, was reflecting on um platform economy and platforms like uber and how they affect people's rights, um and he was reflecting on it from his place in the prison cell, not having access to news on demand and just whenever he could read or hear from magazines that were available to him.

C

um Allah says um seeing as the standard cues of casting doubt on official narratives and being an inverted, an advertent offender when it comes to challenging hegemonic ideas. I find myself in intrinsically doubting this account of disruptive Technologies.

C

This is despite my.

F

Usual enthusiasm.

C

For modernization advancement in technology, Information Technology, most of all, and despite the many benefits these Services networks and Technologies offer me. It may be true that the Industrial Revolution brought widespread affluence, but the painful convolutions that accompany that were by no means quick to subside and it was Generations before things settled.

C

Neither the luddites nor their children, nor even their grandchildren reap the fruits of the Industrial Revolution, and what relative Prosperity abroad was not the result of Technology alone, but of the interplay between technology, technological innovation and political reform.

C

The periods of the regularization of the work hours, the prohibition of child labor, the establishment of industrial safety regulations and traditional to minimum wage, the negotiation of wages to collective bargaining, the introduction of regular statutory holidays, an acceptance of the idea that health and education has rights to be granted in the form of Public Services, funded via taxation, from the profits of the industrial revolution's beneficiaries, along with many other rights and protections for the two age liberals that we take for granted today it is the same rights.

D

And protections.

C

Which the fourth Industrial Revolution is threatening. If industrialized societies had continued to allow Factory owners to employ children for long hours in inhuman conditions or fail to introduce progressive taxation based on profit, as was the case early in the industrial revolution, it would not be possible today to consider Luddite as a synonym for stupidity and backwardness.

C

Most importantly, the process of transformation was a path of better conflicts between different classes of interests. Liberal rights were invested by force from States governments and Factory workers after Decades of protests, struggles and revolution.

C

Yes, the Lord has were defeated, but in their place, came working class, Fighters and activists who did not reject progress but sought to impose their own terms on the course it would take.

C

Elites and ruling classes treated them with the same violence in the region, method out to the luddites, but the resistance, continued and sometimes protests were so hated that the workers sabotaged machinery, the difference, of course, being that, where the related Soul design was a sabotage machinery, the workers so sabotage as a mean to exert pressure which was rapidly replaced as unionization and Industrial action became legal rights designed to take the place of violence in counter violence.

C

To characterize the historical process by the Industrial Revolution, as temporary birthing pains that gave away to affluence and ease not only obscures the details of the class conflict within the major industrial Nations, but also the differing ways. Nations experience, those transnational transitional pains the Industrial Revolution brought about Colonial expansion and increasing Colonial violence, as industrialized nations opened new markets and select new raw materials and Savage competition between industrialized nations over the fruits of modernization, which resulted in the outbreak of World Wars.

C

In short, the invention of new technologies may be a given, but their growth in dissemination and the structure of the markets and power relations which are based upon them are far from it. They are the results of political changes which are in turn, the outcome of conflicts within Society understanding, technological innovations, analyzing their effect and cultivating a healthy skepticism, but the propaganda propaganda narratives, which necessarily accompany them, is vital.

C

Fighting these Technologies and interest behind them, with the aim of directing their course curbing the harms they cause and expanding their benefits. Increasing the number of people they help and compensating those they harm is therefore also vital.

C

The only people more stupid than those who stand in the way of History are those who prostrate themselves before it. They leave no trace or memory at all, even as a cautionary tale to Developers.

C

um That would be that's all I have for you today, um please um in any way, if you can, if you can I know talk to people, uh let them know more about the case help um we just want to know what's happening um to our friend and colleague, um whether he's still alive, whether he's still um whether he's being force fed, and we also want him to get out safely and um I'll- leave you with his words.

C

You have not been defeated. They have not yet been defeated.

A

Thank you, Tara.

A

We'll go ahead and move on. um We won't uh take questions right now, um but thank you Abdul Salam, for getting in the queue um you can feel free to express in the chat if you had a question or so on, but we will now move on to Dimitri's talk um so come on up. Dimitri I've got your slides and you can use this pointer but stand on the pink X.

A

Second, because I don't see your slides, it's like.

A

For you and I, don't.

B

Yeah, the slides are loading I, just want to say hello to everybody and uh very difficult presentation to follow in the mica. Sorry.

E

I mean so you have to speak right into the microphone. Sorry.

B

Plus that plus the Mask doesn't help I I, remember um working with Allah in early 2000s on an Arabic translation of a digital security reference manual. We were building and it's been difficult to follow this unfortunate progress. So I do hope that if you have any means, you know, via social media, by physical contact with relevant participants here at the conference that you do bring up the case as strongly as possible.

B

All right to the presentation, then just testing the clicker and I'll come back.

A

Okay,.

B

I just had a recent cover test, so don't worry, how do I go for the slide? So do I. Just ask you all right, so my name is Dimitri vitalev I'm, the founding director of a digital security firm out of Montreal called equality. We've been operational for about 13 years now, I've been working in the space of digital Security Solutions for the protection and promotion of human rights for about 20 years.

B

The name. Equality assumes that this is what we want to bring to the internet. We want to kind of equal out the playing field between the users and very often the victims of this network and the powers that be. You know the corporations, the governments that in large part, have built and control this network.

B

We focus on web security capacity, building, sensor resistance, I'm going to be talking to you about our work on web security and censorship. Resistance um today and I think to mention right off the bat that all of the solutions that we developed are released, free and open source, and you can find them on GitHub as well. Thank you next slide.

B

All right, I'll mention briefly. Four of our projects today, um a website security infrastructure deflect a machine learning framework that is operating inside this infrastructure in order to help us mitigate malicious requests sent to our clients, a censorship circumvention system. We have built called Sino and an emergency communications project. We have stood up in Ukraine since the beginning of the war there, and that is basically helping people communicate with each other when internet connectivity is not present, I think by and large all about Technologies are built in defense of freedom of expression and Association online.

B

Thank you. Mallory. Thanks lab all right. So since 2011 the deflect project uh has protected numerous uh Independent Media Human Rights group democracy movements from various cyber attacks. Now these can be the sort of run of the mill cyber attacks.

B

You know which everybody faces when they're being online all the way up to a very well coordinated and quite massive um cyber attacks with uh you know sometimes evident State adversaries behind them and we've been doing this yeah for 12 years now, so the deflect Network kind of offers four Ps to its clients, obviously protection um and performance. It is really a reverse proxy caching network, with quite a lot of load, balancing and intelligence and elasticity built into the network by a virtue of you know, being in many locations around the world and doing caching.

B

You know it also kind of speeds up the delivery of a client's web pages to their readers in difference to many other uh efforts out there. This is a network and a team that is very much defined by its principles. We don't work with simply any website out there.

B

We have criteria for the type of content our clients may not present on their websites, including assignment to violence, hate speech so on and so forth, and we Define the processes for how we go about resolving various abuse, complaints that come in and they do come in quite often, some of them legitimate, some of them social engineering and by and large. This is a philanthropic service. It has a commercial arm, it has a non-profit arm, uh all profits.

B

You know derived from offering the commercial Service uh channeled into supporting and offering a free service to various civil societies out there next slide, please so yeah. Just briefly how it's built, um as I mentioned before, reverse proxy caching clients point the DNS to the deflect infrastructure.

B

We make sure various requests are distributed across our servers in about 25 different data centers now and within the infrastructure itself. uh Clients are obviously offered caching human support in about six different languages, uh various analytics on the traffic, both malicious and legitimate, coming at their web presence.

B

It also offers secure hosting for websites developing the WordPress framework and machine learning about detection, which I'll talk about a little bit later, being an open source infrastructure. We encourage third parties to stand up their own versions of the left and they can call it whatever they like really, and this is 12 years of work, packaged into an easily provisionable and managed architecture, and that you know probably costs tens of millions of dollars to rebuild from scratch, so go and get it.

B

It's free next slide about a million people come through our Network every day about 75 million, unique IPS served on an annual basis. It's around two percent of people connected to the internet um and yeah. Quite a lot of experience. Mitigating various attacks slide.

B

There's a sum of the attacks that deflect protects its clients from uh possibly none of these are new to you. uh We are layer, seven uh defenses, primarily, and we also protect our clients from quite a few legal attacks uh which happen. uh You know often enough several times a month. You know we're getting quasi-legitimate legitimate to completely false and erroneous and legal attacks by and large, without a sort of an experienced partner protecting a website. You know an invalid dmca take down request, just works, even if there's no DMC content.

B

You know that they're complaining about so we're also there to help with that next slide.

B

Now, in order to get evenings and weekends off, you know, we've had to develop quite a lot of technology to help us mitigate these attacks, particularly we also delved into the whole world of machine-led mitigation. You know trying to figure out how we can train a model to differentiate between legitimate and malicious requests.

B

After three years of r d and a lot of uh wrong turns and directions, we finally found the approach that has become basketball, so we basically trained the model on recognizing what is human, behavior and thereafter looking at algorithmic, machine-led Behavior as anomalies. This is an infrastructure called basketball and I. Think one of the main advantages to it for us and for anybody else who adopts this kind of framework on their own ends is that a lot of the pre-processing uh happens at the network.

B

Edge, and only you know, Vector features are being communicated into the Clearinghouse. So this is what we believe is a sort of a private by Design system, even though you're using it to ingest and make sense of web logs we're not communicating any pii across the network.

B

um Basketball yeah is also open, source and also I. Welcome you to take a look at it on GitHub and to try and deploy it. You can deploy it either as a SAS service, where you are the client sending us the vector features or you can take the whole framework, including the Clearinghouse, and try it out with yourself. We ship with the default model not with the deflect model next slide. Please.

B

um Yeah, on the right hand, side: this is a gift that obviously doesn't give inside a PDF um but yeah at the moment, basketball settings are two minute sliding window uh it can adapt to any web traffic. Every IP log entry generates a prediction and we don't allow the machine to make the final decision on whether an IPS representing a human or a bot anomalies above a particular threshold, are then challenged by the deflect system.

B

uh We send the basically a reverse shot challenge to the browser, to prove that there is a browser behind this IP and- and it is not about on deflect, it is doing about 40 million lines uh per day and over 35 behavioral features have been modeled already next slide yeah.

B

You can see an attack, basically in action where, in the last 24 hours, 150 000 IPS uh have breached the threshold, they were all challenged and, as you can see as well, you know a thousands of those IPS had passed the challenge, meaning it was a false positive. So again, I think we feel it's important not to let the machine make the final decision here on who's who, in the network and um yeah, send the challenge to make sure thanks.

B

Sly from about a week ago, an example of what an attack looks like this is a Ukrainian media from the town of uh three various attack types, 33 million malicious requests. Quite a large botnet over over a hundred thousand Bots I mean this is basically what the day-to-day on deflect looks like, because we work quite a lot with heavily targeted websites. You know we're really uh are I, guess a Honeypot for a lot of the malicious activity happening on the internet today, next slide right.

B

So moving from the protection of freedom of Association and uh on the internet, we feel that you know bring down. A website is another form of censorship. You know you can block a user from accessing particularly resource, so you can destroy that resource as well, um moving on actually from destroying that resource and the protection that deflect offers. I want to talk to you now about blocking the user from accessing particular resources or the internet in general. Filtering censorship and network shutdowns that we're seeing more and more today.

B

I'm going to focus here on the Ukrainian use case, I think it is very much a focus for my organization now you can see here quite an old Network map of Ukraine, with Crimea still connected to the Ukrainian Network and the donbass, the east of Ukraine, also connected to the Ukrainian Network. Now that is not actually the case anymore.

B

A lot of the occupied territories have been rerouted to the runet meaning to the Russian internet, meaning that people living in these temporarily occupying territories are part of the Russian internet now and therefore behind Russian Network surveillance and Russian censorship.

B

Next slide so I'm going to talk about two types of internet shutdowns and what kind of solutions my organization is bringing to bear to challenge these kind of shutdowns, um the most prevalent of which um that I call scenario one in this presentation you know and that we see quite a lot around the world. You know from Russia to Belarus to Kazakhstan to Iran at the moment you know and to quite a lot of countries in Africa, so on and so forth. Northern India is the disconnection of popular internet services.

B

You know the Internet by and large is very much dependent on a few companies now and if you can block the IP space of these companies of this Cloud providers, you have virtually blocked uh any usable internet uh from the population. Usually when you implement a shutdown like this, you also want to Target. You know VPN services that people might use to circumvent these blocks next slide.

B

So as a solution for scenario, one we have devised, the the Sino browser C knows an abbreviation of sendship.no with the model share. The web and I'll explain why we shared the web next slide so see. Now is trying to kind of change uh or introduce a new generation of circumvention technology which is not reliant on connecting to sort of a single Hub proxy solution, whether it's VPN or something similar.

B

We have actually built uh Cena to use the BitTorrent protocol for routing and for distributed storage.

B

um It is the first web browser of its kind, which is actually using the BitTorrent Network in order to fetch a particular resource. Have it inserted into the bittern DHT and then delivered back to the user. Biggest difficulty was really in rebuilding this web page on a user's browser, you notice, so that it shows you know in the same way as before, allowing for dynamic connectivity with the website as well.

B

Next slide, Now by virtue of using the BitTorrent protocol and by virtue of networks allowing incoming connections to a particular device, every user of Sino also becomes an active node.

B

This means that we have as many nodes as many proxies if you like, as there are users now. This allows any person here in the UK wherever it is that you live, that is possible in a network not being censored to become a routing node for somebody living in a network that is being censored. Your phone's connectivity is automatically registered inside the DHT, and people in Iran people in Russia people in other countries undergoing shutdowns are able to connect to the rest of the network through you.

B

This is particularly important because, in a scenario number one of Internet shutdowns, your IP is not part of a large corporate public IP space urp is usually not included on the block lists of when internet shutdowns are being implemented, and all you need to do is install the app and have it open and running a new phone. This is what we call Cooperative browsing inside signal next slide.

B

Now, also by virtue of using BitTorrent, we have the ability to do decentralized. Caching, now this is very interesting, because what it means is that when you have opened a page which is censored in your particular Network environment, the next person to open a page doesn't need to leave the network, the national Network anymore. They can simply get it from your phone, and this has been you know a huge Boon really for preserving the connectivity between IPS inside and outside the censored Zone.

B

Because frequently requested content is often important content, particularly during a shutdown. It is only neat. It only needs to be imported into the network. You know once or twice and thereafter thousands or Millions of readers can access it without leaving the Network anymore.

B

This also allows us to continue content distribution among people inside the censored Zone once the internet has been completely external connectivity has been completely switched up and I'll come back to talking a little bit more about this next slide in shutdown scenario. Number two total disconnection.

B

So sorry not yet um so total disconnection means that either a cable connecting your particular Network, Village town, maybe even City, or the various cables that connect you to the rest of the national network, which connects you to the rest of the global Network, are no longer functioning in the Ukrainian example. This is happening because of military activity because of bombardments. You know regions are being disconnected from the rest of the Ukrainian internet and the rest of the global internet, of course, that by default this means that no proxy is going to save you.

B

You know, no clever method is going to get you out of the Zone, because there is no connectivity.

B

This means that you'll never get to Facebook or Whatsapp or telegram or whatever it is that you need to get to because that is located physically outside of a town or region.

B

Next slide so to to deal with this problem, you know we're using decentralized uh protocols and services. Really I mean um this. Centralized internet is being pitched as number three at the moment and really I. Think it's you know, number one. You know the first internet plus you know internet 2.0 of social media. The centralized internet has equaled the decentralized internet really, but I think it's a future that is actually revisiting the past.

B

So all we need to do in this case is actually bring the services the servers, the protocols that people need to have in order to communicate with each other back into their Geographic localities back into their Networks. It's not a very complicated idea, but we've just moved away from that.

B

So far in the last 20 years or so um I think now, with the pushes behind web 3, we are beginning to realize the opportunities that were lost and what we can regain once again by bringing either the servers closer to the users or getting rid of this notion altogether, and considering that we are all you know, we can all be service to each other. Obviously, email is an old example of this. As now you know, growing popularity is the Matrix protocol.

B

You know decentralized, Federated protocol and decentralization is really key behind a lot of the technology that we're developing now for censorship. Resistance next slide so once again back to Ukraine uh the project that we stood up uh in early March after the second invasion began was based really on collating and presenting um a readable menu and a few user guides and to the Ukrainian population. We went and sourced machines with as many um isps who actually still had hosting racks in their vicinity in the locality.

B

um At the moment, the decoms project is uh in nine different regions of Ukraine, uh also inside occupied territories, and each of those servers basically presents ready to go. uh Matrix chat rooms um actually next slide and ready to go. Matrix chat rooms with the the new sort of interface that the Matrix team is developing element and that allows people to have a either web interface or an app interface. In order to talk on Matrix channels, there are public rooms uh where hundreds, sometimes thousands of people are using to communicate with each other.

B

There are obviously private rooms where we don't know what is happening um aside from metrics we're also offering them the decentralized micro blogging platform Mastodon, uh so in nine different locations, also with Federation set up and working uh we're offering each of the services.

B

Also a Delta chat, server and Delta chat is another messaging system that is actually using the SMTP protocol for communications, with end-to-end encryption by pgp and the Briar chatting system uh which, by default, uses the tone Network as its primary Communications protocol and fails over to Bluetooth mesh device to device connectivity in the absence of any internet altogether.

B

Now mesh connectivity, you know, is not necessarily an ideal solution for every use case, but when you consider that many people in Eastern Europe are living in large blocks of flats or may find themselves, you know inside a bomb, shelter or you know, maybe even protesting or being outside in the street. In a similar space, you know, Mesh networking becomes a very useful tool in the absence of any other communication options and obviously we are also um offering offline downloads of some technology, including the senior browser next slide.

B

Please now the Sino browser is underpinned by what is essentially a core technology. We have developed called winet um so win. It is the library that is doing all of the the centralized caching content delivery, bringing requests to the edge of the network where um web pages are being imported into the DHT signed, distributed, delivered so on and so forth. So we net is uh available as an SDK for the Android platform and as an open source library in I think C plus, uh which can really work with any type of traffic.

B

You know with instant messaging with the email so on and so forth. So CNO is the application layer sitting on top of vnet, and we net is a library that you can be using inside your Technologies for decentralized Content distribution.

B

Authenticated content distribution next slide, please. So what we're trying to do now for networks experiencing disconnections is not have content imported to the network, simply by user requests, but actually um preemptively going to crawl an entire web resource.

B

Let's say it's Wikipedia or let's say it's: the Guardian news side or whatever and preemptively, injecting that into the network, so the weekroll tool, uh also in collaboration with web recorder, is now tasking itself with the crawling scraping whatever you like web resources that we believe are essential to people um living inside uh Sunset Network and these web resources are then accessible to the user, as the guardian website is normally via this in a browser you know, even if there's no way to get to the guardian, but we have injected all of their resources into the DHT.

B

They can access it by the web browser using the normal URL as before. Next slide, then we need a Content delivery mechanism. We need a transport, you know to be able to bring this script packages into a disconnected Network.

B

So obviously, this internet satellites- and you know Elon Musk- is had his Heyday in uh in Ukraine until recently, until some of the latest outbursts uh with a promotion, proliferation of The Styling system, um internet uh satellite internet is a solution in locations where it is accessible and where it doesn't present a greater danger to the users by virtue.

B

You know being quite easily geolocated um another thing that we're doing is actually looking into placing data packets inside um TV satellite streams, TV satellite broadcasts, which are obviously one-way Communications, but that is kind of all we need. So we can have a overt TV channel and a cover Channel inside that delivering data into a country where there are a lot of TV satellite dishes next slide.

B

So we're trying to piece all of this together now, basically figuring out which web resources are in demand, and hopefully we're not the ones really deciding all the time that we can have a way to crowdsource. These requests.

B

You know which web resources people living inside a disconnected Network want to have present on their Network, then um scraping those resources turning them into web cash, delivering them inside the sensor Zone and using the winet infrastructure present on people's devices on people's computers to propagate it inside the censored Zone thereafter, so, basically, rebuilding pieces of the internet pieces of a static internet by virtue of whip cache inside a sensored Zone next slide.

B

And this is the penultimate slide and with the proposal for the protocol stack right there at the end, um the ability for us yeah to use this Sino Network as a means to propagate a web cache is efficient, because we only need a few injection points. You know we don't need the entire population to have the injected content. You know we only need a few people nodes to be able to receive it thereafter, propagates peer-to-peer at the moment.

B

We are trying to come up with a sort of a multi-thronged approach to see how best to deliver this content and not settling, maybe on a single channel of delivery, but weighing up the pros and cons of each different, Channel and I. Think a goal for 2023 will be to decide what to do with a lot of the web. Cache that we already have by virtue of running the deflect Network- and this is with a protocol pitch comes in. You know, deflect as I mentioned in the beginning.

B

Is a web caching infrastructure as well reverse proxing, creating web cache distributed to to users. A million people are generating cash on our Network at the same time. Ideally, we would want to have this cache immediately available inside the winner Network. It just makes sense a for us as a company running both infrastructures, disparate infrastructures, both of them dealing with web cache in various ways and for um a similar goal, and that is content accessibility.

B

We don't have a protocol that would allow us to take. You know web cache generated by nginx and put it into um the BitTorrent DHT so that it is read in the same way. You know on the Firefox browser. It is something we're beginning to actually uh think about, and hopefully present to you in the upcoming conferences of how we can have a interchangeable web caching standard and the final slide. Please.

B

um Since you'll have the PDFs of this uh you'll be able to come back through this presentation that I went through rather quickly. Here you have the links to the various projects that I mentioned, one I didn't mention I'm, just actually out of Kiev. Now, where we launched the naidino platform, which is a national digital security helpline um that is meant to serve the entire population with the most basic digital security questions, and we are working with the global nog Alliance on the keep Ukraine connected program.

B

um At the moment you might have uh seen on the news. Power is a huge electricity power generation power. Delivery distribution is a huge problem in Ukraine, and many of the isps cannot serve their clients during blackouts, um It All, Happened. Very suddenly, of course, Russia targeted electricity distribution, centers and although Ukraine has the electricity needs, it cannot distribute it everywhere, including to these isps. They only had UPS's. You know there as a normalized speed would which lasts for about an hour, so we're trying to import about a tons of batteries.

B

um Lithium gel anything we can get our hands on the nearby region uh has been kind of stripped of batteries and, through the global nogalines, deliver these batteries to various isps. So if you do have some time use the QR code check out the global novel lines and cooperate with them, donate to them and yeah help us keep Ukraine connected.

B

Thank you, I'm, not sure. If I have time for questions, we.

A

We certainly do have time for percussions um I, think it's important so I there's somebody in the queue also a reminder to everyone to just join the queue. If you can through the meet Echo um function and yeah, go ahead. Carlin.

E

uh Colin Perkins, with no hats, um so I think this idea of the um the Sino browser using uh bittorrents and the super skills is interesting. um Obviously, there's a lot of personalized content in the internet. um Do you have measures of how effective the web? Caching is given all this content, because you know clearly something personalized to me: can't effectively be cached.

B

Yeah very much so yeah I mean the internet really at the moment you know, isn't built to be cached and recreated somewhere else. So actually quite a lot of the you know, the five years of trial and error and that went into Sino was to build the intelligence into the Sino client itself to figure out what to cash and what not to cash.

B

um So any kind of cookie, authenticated content uh automatically is only transmitted to the requester and isn't cached in a DHT.

B

um Also, the user inside the settings has the options to switch on and switch off whether they want to Cache this content and share it with others. Yeah.

E

Okay makes sense. My other question was: um you know this is obviously very effective for providing connectivity. um Does it provide any form of uh onion rooting or um so traffic analysis, resistance.

B

um By default, no- and we're very clear about that in our documentations that you know this isn't a network anonymity. This isn't really even a network for privacy. It doesn't really add too many I mean I, think it kind of balances out the primary properties it adds, and the Privacy properties that actually gets rid of uh so yeah.

B

We're trying to be very clear that this is really content: delivery system for censorship, circumvention uh having a content uh sharing your content with others, you know, allows you to see who's requesting that content from your device as well, so yeah we're trying to be very clear in our documentations of its advantages and disadvantages too, by not misrepresenting what it isn't: yeah, yeah sure sure, I.

E

Think it would be interesting to explore to what extent uh the the pin Network could be used for onion rooting style. um You know to try and provide some of this resistance.

B

Very much bouncing the traffic around yeah anyway, yeah yeah. Okay, thank you. Thank you.

G

uh Hi there, thanks for the presentation, dkg.

A

You're, just a little soft.

G

You're, going through the presentation and um and thanks for the interesting work, um I had a question that was similar to uh what Colin asked, which is um uh so so, in addition to the sort of risks of targeting a distribution, I mean we just heard um about the you know: risks to people for sharing specific content.

G

um It seems, like your devices, can share specific content through these uh through something like Xeno um even more explicitly. This is your your device right, um I I, wonder if you have any thoughts about how uh if there are defenses there and then the other.

G

uh Similarly, with a with sharing content, you know it seems like this is a Content distribution means of getting information into censored areas, but it's not clear to me how it gets information out of censored areas, so somebody within the censored area might be interested in what people are outside, because they're saying um but uh I, don't I, don't know from the description. I didn't understand whether it was possible to also uh uh get news out from within the firewall. Can you talk about that.

B

Yeah, thank you dkg, um so yeah on the kind of uh guilt by connection or Guild by association, front I mean what we've tried to do is make DHT traversal um very complicated, if not impossible, in a way that we're using uh the particular bits are in protocols. So you can't crawl the DHT to figure out who is doing what you can see people connected to the DHT. You cannot see the content that uh they're requesting a sharing inside the DHT itself.

B

Yes, you can be. You know, a malicious actor or, let's say a law enforcement actor and download the legal content to see who connects to you in order to retrieve it, but then you're also guilty of downloading it, as the people, maybe unwillingly, so connect to your device to get it from not a very strong defense, but nonetheless I think that has some uh legal footing to it. In some instances, um all PDP efforts, I, believe you know I have this chicken and egg problem.

B

You know we need a big haystack and until there are millions and millions of nodes and users and a lot of you know, content of various uh origin and uh various interest in the network.

B

um These problems, you know, are I, think a lot more serious and a lot more prevalent until then, when there is a huge amount of content inside the network of all sorts and types, I think the statistical probability that you're going to figure out a network of activists by downloading you know the amnesty org page through Sino and then seeing who connects to you to share it uh decreases.

G

So I I want to understand how you how house you know is thinking about the the authenticity questions as well right. So your your description of one of the legal defenses um for say, law enforcement, seeing who connects to the MSC page well, unfortunately simply claim that they have the amnesty page right inject, that claim into the DHT and then the law enforcement wouldn't themselves be retransmitting.

G

The NFC page they'd just be looking to see who comes crawling the DHT to think they have the amnesty page right, so they wouldn't actually be redistributing the content themselves, they're just doing a surveillance, Gathering or something like that. Are there authenticity protections available.

B

I think um I'll deflect your question a little bit uh for the interests of time. um I will just talk quickly about one type of authenticities that I think I am qualified enough to discuss.

B

Maybe we can go back to slide 23 just quickly, uh authenticity of content injected into the network and then delivered to the user happens through uh content signatures which are made by injectors, as you see on the right hand, side of that diagram uh run by well, in this case equality, but anybody can stand up their own winit infrastructure and if you want to serve you know, web content through it run your own injectors.

B

So injectors are signing the content and this content packet carries the signature throughout its life cycle inside the DHT um signature. Validation is hard coded into the casino client, um but maybe yeah on your other question of authenticity inside the DHT I'll I'll just deflect it for I think lack of uh uh ability to give you a concise or maybe even a correct answer, um but please uh maybe post it as an issue in a censorship, no uh report on GitHub and uh we'll answer it there. If you don't mind.

H

So I have sort of a related questions to Ted lemon. um First of all, uh there it seems like there are two ways that you could attack this in order to by the way this is really cool. I don't want to imply. This is bad I'm. Just like thinking with my.

H

How do we defend it hat on um two ways to attack this uh one would be: is it possible for a bad actor to put bad data into the cache, simply by deliberately providing enough instances that are producing that data that nobody else feels like they need to produce it? Is there a defense against that?

H

Do you see what.

B

I, what I'm saying yeah? Okay, um the request for new data uh uh in the current Sino architecture comes from the user Itself by the URL, so the URL is a really key piece of addressing and routing in our system.

B

um This request is communicated to the injector inject. Their IPs are also, unfortunately, for the time being hard-coded into the client and if the injectors are not accessible because the sensor as well can get you know a copy of the Cena browser, then you know the entire network of others. You know users that have incoming connections become Bridges to that injector.

B

Now, as I just mentioned, injectors are run by quality in this instance, and it is them who fetch content requested by the URL and then sign it before injecting it. Okay.

H

So it's signed with your keys yeah.

B

Okay,.

I

So.

H

That that's, that seems like a good defense against that attack. The other sort of obvious attack is if somebody manages to suborn your infrastructure so that they have access to your keys and potentially your infrastructure and can inject bad data. That way have you what's your feeling about the or what you know? What are you what's your thinking about that problem.

B

Look I mean also not a short answer. Yeah uh also. We do understand that in this particular use case where people want to browse the web, because that's where the content is, we need to deliver the web. We need to have an interface between the web and the DHT, which is the injectors. The injectors are a point of vulnerability. We do do protect them using just you know, internal um company experience and you know um best practices and to protect them.

B

We do have a some experience because of the deflect project on how to do that, um but yeah. There are several points of vulnerabilities in the network: uh definitely not foolproof and definitely yeah the more heads we can use to improve the system. The better cool.

H

Yeah I mean it seems like there's an opportunity, for uh you know right now, web web uh Publishers, don't generally they do provide authentication for web pages. But it's not provided with this particular use case in.

B

Mind no yeah, it.

H

Would be interesting to see if there's a way to leverage that so that the burden is no longer on you to be. You know, that's.

B

It and I think this is where the web caching standard uh could come in very handy yeah, because, okay, if we are moving to web point, three we're gonna need to deal with decentralized content in the centralized networks. Again, you know we can't assume that there's going to be a Tillis connection to Twitter all the time, and we don't want that actually in web 3., so we will need to figure out. You know how to deal with.

B

uh You know with a HTML kind of uh ecosystem and um decentralized protocols, which I think you know it's not very difficult. We just need to actually come back to that space.

H

Cool.

B

Thanks so much thank you.

A

Dimitri thanks so much um and thanks for the questions, I think they're really good. This is part of the reason why we really wanted to invite Dimitri here today, because they I think have a lot of real world use cases for this kind of hard problem, and um it's not the first time it's been brought up in the ietf either. So, hopefully we can continue that conversation, um but yeah we're now going to shift to um Corinne who's, giving the next talk um Corinne.

A

Do you want to share the slides yourself since you're, remote or I can I can also pull them up and pass you the control? However, you prefer. Okay, let me do that. Foreign.

A

You should have control now so go ahead.

A

I'm not sure.

J

Your audios.

A

Oh there, you are okay, good.

J

That invites me welcome green I, think it's uh muted.

A

Pick up Sophia, yeah, yeah.

J

That's yeah I.

A

Think Korean is muted Corinne. We can't hear you. Unfortunately, um you look like you're unmuted on in Meet Echo, but maybe oh no. She.

D

Can't hear.

A

Me either.

A

Corinne, okay, we're not able to hear you.

A

No.

I

Yep.

A

So that we heard you for a moment.

K

Let me try again is video and audio coming through okay, now.

A

It's great, so let me get your slides back up and pass through the control.

A

Thank.

F

You.

K

Go ahead. Welcome um so hey y'all I really appreciate the opportunity to to present some of my research work um today. I really wanted to be in the room, but unfortunately I had to leave somewhat early, um so we're gonna. Do it like this?

K

um This might be a little bit repetitive for some of the people who were at my irtf talk uh on Wednesday, but I just want to make sure that everyone is at the same level.

K

um So I wrote both my master thesis and my PhD on the ietf, and what I'm going to be talking about today is some of the work um in my research which tracks what hrpc has been doing and then raised some critical questions as to like where we potentially could go next um and, as I said for those who attended my anrp talk, the first slides will be familiar, but I do promise. I will take a hard left at around slight uh 10 or 9, and really focus on the human rights work.

K

So there's really four sections I'm going to talk again a little bit about being an anthropologist in the ietf. The work that hrpc has been doing since 2014.

K

um Some of my findings in terms of the role that human rights have played in the ITF actually way before hrpc existed and where we go next.

K

um uh Just a bit of context: hi, my name is Karin I'm, an Anthropologist of Internet governance, cultures, um I'm, a research affiliate at the University of Cambridge.

K

um Some people might also know me in my role as the VP of research at the open, Tech fund um I'm, not presenting here in that capacity. This is very much me as the left academic.

K

um Some of the people might know me as the person who occasionally gets quoted um when there are kerfarfels in the iitf about what appropriate behavior is. This is a key part of the research that I've done for my PhD, and if you want to read more about some of the problems that I've seen in the community, you can find it on.

J

The link below.

K

In a piece aptly titled, what is wrong with loud men talking loudly the itf's culture wars now, um I always find it easier when talks start off with sort of the one of the key main takeaways also has a bit of a provocation to keep you engaged and for you to start thinking of the different ways in which you're going to argue that I am wrong.

K

um So the main takeaway from this talk is the sum of controversial one, at least for this community, and if there's one thing that I truly hope that sticks with you today. It is that the ITF is political inherently and that it always um has done political and policy work to different degrees, uh and the question uh demo comes is that has happened not just in political explicitly um political spaces like hrpc.

K

um So what does that mean for for this group's work going forward and what kind of an impact um it would like to make? So um I've been involved in the hrpc work since its beginning? Actually, since before the group was was founded um and I, just remember those early conversations really showing me how much of a fascinating place this community is for anthropologists, like myself, um and to do that. I have to talk a little bit about anthropology as a field.

K

um Many people tend to think of anthropologists as social science researchers who go to like far away um islands and um study cultures of people who are very different from ourselves um to sort of study. The Argonauts of the Western Pacific to bring in some really classic anthropological work, and this for the longest time was the focus of anthropologists. But that is clearly no longer the case.

K

um Anthropologists at this point in time are are everywhere, and especially since the 1970s there's been this real critical shift in the fields where, instead of um often focusing on people who are less powerful than the Anthropologist studying them, we focus on people who are more powerful. We call that um lifting The Gaze up at the most powerful in society, and we study our own societies and not just societies um that are different from ours, and that means that we now also study um well-known tech companies.

K

I mean there are anthropologists in places like Facebook, Google, um Twitter godspeed to them, but also in lesser well-known Tech communities like the ITF, um so a bit of work about what we do as anthropologists. Now we study human behavior and cultures through a very distinct set of methods and methodology, so direct engagement with people that that collectively make these cultures by participating in their world.

K

So in my case, to make this more concrete for my PhD I, essentially spent three years doing field work within the ietf and the irtf uh and I did in the interviews field work as well as analyzing, mailing lists and RCS, and a bunch of other documents produced by the ITF or around the iitf.

K

And what this type of research really allows me to understand is the kind of cultural conditions um that have shaped how Protocols are made and for this particular talk, um I'm looking at like what hrpc has done within the ITF and the irtf and it's and how to think about the kind of impact that the coup has had.

K

um Which brings me to my talk today. um Human rights works in the ITF and irtf. uh Where are we and where are we going now?

K

Some of you in the room might actually recognize the still on this slide from the net of Rights movie. That was made in 2015 by Nielsen over and Joanna Varon, for which they interviewed various ITF Engineers to explore the relationship between internet protocols and the promotion and protection of Human Rights.

K

um Now it's really tempting to start a talk about the role of Human Rights advocacy within the ITF by saying it all started in 2014 when the hrpc group was was started and approved or started by Nielsen over avidoria and Joanna farron and approved by Lars and I will certainly get back to that moment in time. But I do think as a researcher. It's also my role to say.

K

We need to trace the work on rights within the ITF Beyond these more recent times, because it doesn't, if we just start in 2014 I'm not doing Justice to what essentially I see is the long Arc of public interest technology advocacy that has occurred in the ietf.

K

um So it would be possible to also start tracing debates within the ietf and irtf about the impacts uh impact of protocols on a number of items known in Revelation.

K

um That is another starting place, but there's also an argument to be made uh that we can point to the publication of RFC 6973 on privacy considerations, um spearheaded by Alyssa, Cooper I know this in 2013 as a starting point of sort of Rights conversations in the broad ietf or um I could start even earlier, with the participation of folks like John Morse in the iitf, who wrote one of the most sort of explicit IDs uh internet drafts about the policy implication of protocol Works in 2010, or uh if you follow the work of Professor sander Brahman, who is essentially done very beautiful and comprehensive uh studies of early RCS.

K

We can essentially Trace policy, including human rights considerations. All the way back to the founding days um of the ietf, so uh I think I have sufficiently belabored the point that I'm trying to make, which is that political questions, including debates about rights, have in one form or another, always been part of the iitf's discussions um for one because technology.

K

In many ways is politics by other means: there's various academics uh convincingly shown, but more practically I guess, um because ITF Engineers have always considered their technology, also in the context of its deployment in The Wider World, which inherently means about thinking about politics in terms of like the kind of power relations um in in historically contingent um structures that end up influencing how protocols get used. Now. This does raise an interesting question.

K

um If human rights and policy considerations have always been part of the ITF, why has the work of the human rights protocol considerations group been so contentious, um upsetting, so many people, especially in its in its early days, um and to do this I, will now move back uh to hrpc and give a bit of an overview of its um trajectory.

K

So, um as I mentioned in October in 2014, three human rights, Advocates Nielsen over avidoria Navarone, essentially came to uh Lars Eckhart, the irtf chair at the time. With with an interesting idea, um they wanted to research how internet standards would impact human rights um and related as part of that they were interested in developing guidelines that ITF Engineers could use to Think Through the potential impact of their uh of their document of their Technologies on uh on rights, and the idea, in their words, was to preserve the internet as a human rights enabling environment.

K

Now to achieve these goals, they set up the human rights protocol considerations, research group in the irtf and then in 2017. The group published its uh its first RC RC RFC 8280, um which uh is entitled Research into humanized protocol considerations, and that outlines different questions that one can ask of the technology to understand how it might have broader implications for policy and rights.

K

Now, after the publication of this human rights document, um it has not, it has not seen a lot of wide take up.

K

So sometimes you do see people say we have a small human rights consideration section uh in our document, but not very often, and on Wednesday I talked a little bit about how that is in part due to the fact that there is some cultural hesitancy on the part of of many in the ietf to explicitly talk about rights, um given that they worry about what kind of outside scrutiny that might invite or how it undermines how the ITF does work, which is not um because it's just not very comfortable with not human rights as such, but the different um centralized institutions like the UN that are tied into the human rights people framework.

K

um That being said, the group has had um has had influence and impact in in very different ways um their work. Their presence is well cemented, uh not just in irtf, but in ietf.

K

um A number of people who came into the ietf uh myself included um are now present in different ways. They are um with ITF leadership, they've set up other research groups, they participate in ITF working groups um Etc and um all of this to say that the HR PC group might not have had the kind of narrow impact it had initially set out for itself, namely getting ITF Engineers to take on our c8280.

K

But the existence of this group of people with an expertise at the intersection of standards and rights has had a really interesting impact on technology development in the iitf in a much broader way, in a way that perhaps the folks who started it, hadn't even imagined now I want to get back to some of of these more interesting and positive impacts of this community in a later slide.

K

um But first I want to sort of go back to some of the discussions we've had here uh over the past years, in particular the one around politics.

K

um There are multiple reasons why the hrpc work was so contentious.

K

um Part of it obviously has to do with, like the political, uh the political, economic reality of protocol development and deployment, which meant that adding human rights considerations to documents was seen as perhaps slowing things down. Adding complexity doing all these things when it wasn't clear like what the benefit would be necessarily um likewise, you know there were some issues around potential mitigation strategies for human rights impact that were in tension with economic considerations of latency or efficiency, a problem that is obviously well known to the ietf.

K

We see it come up in in other working groups as well, um but one of the the concerns that I really want to foreground today is a cultural um sort of conditions that shape the human rights discussions and the worry that exists amongst the many ITF Engineers about making these um these impact. These political aspects of their work, more explicit, excuse me, so the concern being that if the ITF is more explicit about how it work is political, um this might actually um invite unwanted scrutiny and outside regulation.

K

um There is also a worry that it would open them up to the demands of a number of actors, including governments, uh who will want things that many in the iitf considered to be bad.

K

Technical practices like undermining or backdooring encryption scheme, for example, um and the the problem is that or the apartment for the hrpc group, is that their demands um of human rights were seen as being unwanted impossible, um even if maybe technically they weren't, um and so, for instance, one of my interviews, interviewee said so, for example, I agree that it would be wrong for the ITF to start taking positions on economics. Saying that we need an anti-capitalist ITF will be kind of stupid right.

K

um It's never going to happen anyways so for the credibility of the organization for its sponsors for the people here who make use of the Technologies developed, it would make no sense to do overtly political things.

K

um That being said uh following the Snowden Revelations, sometimes the political moment, trumps. These worries and ITF Engineers do take up political debates and translate them in technical ways. As, for instance, we saw with RFC 70 to 58. um Pervasive monitoring is an attack that came out after the Zone Revelations. Now some of the folks who co-authored that might be in the room, I mean obviously can't see if Stephen is there and he and I have been having some conversation about the extent to which this was or was not overtly political.

K

um But I would love to hear uh your thoughts on what made that moment so unique that it was possible to actually get this document uh published because I do see it as a political stance, even though it's couch in technical terms uh and for those wondering about my choice of slight pictures here, I guess I was going for the message that sometimes politics are as run-of-the-mill in the itfs as our cookies now uh going back to hrpc. How do we think about its role in the ietf and the irtf?

K

um And if we look at the use of RFC 8280, it seems pretty minimal, but I do think that no pun intended this would be too narrow a standard for judging the impact of the group uh and in my PhD research I outline hrpc's influence in terms of its role as a landing pad for people who are interested in the intersection between politics and protocols.

K

um As a bit of a safe space for engineers who are looking to repoliticized protocols as a place where people can be mentored and grown, help to grow into different roles in the ietf, including in leadership as a number of hrpc folks have done um so. In other words, how I have have theorized.

K

Your group is really as having various bridging function functions so merging between new folks and people who who have been here for a long time between end users, especially from the majority World, whose views are not necessarily represented here in the sort of technical, slash, awkward interests that are well represented at the IHF, um but also between activists who focus on systemic issues around racism and sexism and those working in the ITF to make it more open and accessible a bridge between the research in the irtf and the technical work that happens in the ietf approach between political and Technical debates, etc, etc.

K

So, um where, in the first couple of years, uh many of the people who started in hrpc actually stayed within the Narrow Lane that they had carved for themselves in the irtf. That is clearly no longer the case, um and that's also where some of the strength of the group really lies in in its way to provide a virgin function and a landing pad and a place for experimentation and contrarian views um that you know that the ITF tends to say it really appreciates.

K

um But, more importantly, what I want to drive home is the notion that the work that the hrpc has been doing is not necessarily um exceptional um or totally coloring outside of the its boxes.

K

um It really I truly do see uh hrpc as an extension um of the long Arc of public interest representation within the ITF, uh but bringing in a new and wider set of concerns, uh including around issues like environmentalism and racism, but also by connecting the kind of work that some people do in their day. Jobs too. That is maybe not as technical nature to discussions that are happening here.

K

um Corvadis, okay cover this a really fancy way of saying a Latin. uh Where do we go next? um The biggest question that I see for hrpc is how it wants to keep repositioning itself within the ITF irtf ecosystem.

K

um There are obviously a number of different routes you could take, uh including one in which it becomes a space uh for broader consideration of politics and policy development and how those impact the ITF um and and how to potentially respond to those.

K

um Now there are plenty of thorny questions. I believe that could benefit from the unique perspective perspective that this group can can leverage together and whether it's ongoing government, repression and surveillance, um or like the kind of examples that.

D

D matches.

K

Brought by the work that equality is doing, having those kind of voices have a space within the irtf and ietf is, is incredibly important and I feel the Community Values it as well.

K

um It's not necessary for me to say what the best way forward is, um but I am very interested as I know you are and having that discussion, um so I think I will I will leave it at that, and just thank you for being given the opportunity to present and if you're interested in my research there's a link below to the entirety of my uh PhD thesis, um I, wouldn't recommend reading the whole uh 19 19 000 words, but maybe skimming a bit here and there if you're interested. Thank you so much.

A

Thanks uh thanks, Corinne folks feel free to get yourselves in the queue I'm going to cut it, though, because we have to move on.

L

Thanks Quinn, this is Elliot um once again, congratulations on your NRP award. It's very well deserved, um as somebody who's been participating in this group as an engineer from the beginning, with some amount of trepidation at different points, a great amount of trepidation I want to make two comments.

L

uh The first is um I think a lot of us, especially uh senior engineers uh struggle with this group in in not just the group but the concept of Human Rights, because at the end of the day we find that there's no right answer for us uh that anything we do can be used for great harm uh or great good, um and so that brings me to uh my second point, which is where to go from here.

L

um The value I think of this group to me at least, has not been in Publications from the group, but rather in the presentations to the group, um which I've learned a lot from by the way, and uh for that I'd like to thank both the current chair, the previous chairs and the presenters themselves.

L

um One of the things that I would suggest is that we figure out a way and I. Don't I, don't think we just means the hrpc, but we meaning the broader Community uh to surface the presentations, perhaps the ones that are uh that. Maybe this group thinks are most important um to the broader Community, um with uh maybe some suggestions about the ramifications to uh uh the ietf I'm, not quite sure how to do that.

L

So I'll I'll stop there just to say it's an inkling of an idea and I think. Maybe uh maybe the group can pick it up or not.

E

Hi uh Colin Perkins, um thank you, Elliot I think that's an interesting idea. uh I um I think I. You know thank you for the talk. Karen uh I agree very much with uh your your points. I think hrpc has had a pretty wide impact in the ITF and the irtf um and I I agree. I.

E

Think also that it's not so much with the documents uh it's worth, bringing the people in, let's bring it's with, be explicitly bringing in people with different viewpoints uh and bringing them to the ITF community and exposing the community to those viewpoints.

E

um I think this is a very good thing we need. We need this diversity of use.

E

um We are nowhere near diverse enough in the ATF and the artf and the more we can do an hrpc does that in one small way and in one access of diversity and I think that's a great thing and I think if we could try and bring in more people from our proxies of diversity, I think that would be uh a very beneficial thing for the organization, um even if there would be growing pains with the different viewpoints and the different clashes of view.

E

So I hope we can continue to do that.

E

um I also strongly agree that we have always discussed politics in the ITF.

E

One of the examples I thought you were going to bring up but didn't is RFC 1984., for example, which is a very political document and one which we explicitly discussed economics from back in 1996.

E

um I. Think what's changed now. Is that we're finally starting to admit that we're discussing politics and I think that's a very good thing? Thank you.

M

uh Thanks Karen, this is uh Adrian Farrell, um yeah, I I rarely managed to get to these physical meetings because there's this sort of agenda going on where, where people are having other working groups um and I, think that's part of the issue. So when I work on a protocol document, I know I need to have security considerations, but I also know that I don't know much about security and um the ietf helps me with that.

M

By providing a core of people, I can go and consult um what I think we're missing and is probably the next step is to try to get a human rights directorate I, don't like the word directorate in this sense, but in a review team Maybe who cannot tell me what I'm getting wrong in my protocol and what I must do that can ask me the questions.

M

So when I look at the guidance, RFC, I I get to about page three and I've glazed over because I've got protocol work to develop I need somebody who can help me bridge the gap um from my protocol to what should I be thinking about and possibly by the time. I'm. Writing a detailed protocol. Spec in the depth of a working group, it's too late.

M

What we need is a kind of up level, uh almost like a working review of The Working groups, not review the protocols.

A

Niels, you should be able to come on Mike if you want I closed the queue but I'm I'm happy. If you want to jump in, we can't hear you, though, no.

J

There.

A

You are yep.

D

You hear me no.

K

Okay,.

K

Thank you for the question. I I do not have a good academic Citation for landing pad I. Actually try in these talks to stay away from academic academic lingo as much as I can because I don't necessarily find it super helpful.

K

um But I think the question in that sense has answered itself um because three of the people who just took the time to listen to my talk and come up with really interesting and considerate responses to it, we're all people who have been at the IHF for for a long period of time and who all self-identified as Engineers. So it's definitely a two-way street and I.

K

Think again, like the the point that Colin made, that like one of the one of the strengths of this group, is that it brings together people um and that those people are also taken serious uh is is really key um Beyond or in addition to all of the different documents that that the group is producing.

A

So I I put myself in the queue um to kind of come back in on some of the suggestions and to thank folks for making them and also to thank you Corinne, because you've created the space and the discussion that really is self-reflective and helps us I think as a as a research group grow and get better. So some of the suggestions to make that work more visible, I I could I couldn't agree more I. Think we need to think about that um as well.

A

The idea of a directorate I mean it's been tried, as somebody also mentioned in the chat um there wasn't always it wasn't always well received, but I do think your iteration on the model Adrian was useful and that it's not about telling people what they've got wrong, um although that is what directorates and the IDF usually do. Right I mean from a security perspective or whatever that is. You know what they're set up to do.

A

I think it is more of a come along and let's try to work out some of these trade-offs or actually even expose that there is maybe a trade-off. So um I think that point is well taken. I would also say um that's what maybe the guidelines draft is meant to do as well is to sort of document that write it down. Make people aware that that work can be done and then come to hrpc for um the expertise so that all explicit goals I agree.

A

We could all be doing a better job, so um I think we ought to move on because actually we have, we have to update on drafts and and a few um pieces of aob, including um which we probably won't get to um a request to maybe recharter slightly so grin. Let's thank her one more time congratulate her for her award thanks for coming. We wish you could have been here in person all right, um okay. So let me get back to my slides.

A

Okay, well, the current work we have so I'll have um folks who are working on any of the current work, go ahead and throw yourselves in the queue we'll go sort of rapid fire update, um but the first one is on guidelines. This is under irsg review. If I'm not wrong, gershabad I, don't know. If you have anything to add on Mike about this yeah go for it. It would be good just hear where that's at.

N

Hello um yeah uh the guidelines draft- if, if you don't already know about it, is an update to 8280, it um condenses guidelines for people trying to gauge the impact of the protocols they're designing on human rights. It's a set of guidelines. This document is under IRSC review. We received two reviews from Jane coffin and Brian Dremel, and we this week all of the comments have been addressed um so yeah uh just uh I'm.

N

Hopefully the draft will proceed after that, but um yeah the I I signed a summary of the changes on the mailing list uh yesterday, just some reordering of the sections, nothing uh major yet so. Thank you.

A

Thank you for that yeah. So you have uh really appreciate that update and it's also in the data tracker good cool check, check.

A

um Yep go ahead, Nick on freedom of Association, so this is I'm a co-author on that, so we've got Nick as doc, Shepherd um and also Neils, so yeah feel free to give us an update. Please.

F

Yeah, just a very brief update. um Last um IDF we talked about uh making some edits uh Niels to that and I've just finished. Another um round of review and I have an open pull request with some edits. There um I think we've addressed the sort of confusion about considering the same protocol and different issues. I think that's um sort of clearer to read now and so I'm I'm hopeful that, after those minor edits, we could go back to the research group for our last call and and progress from there.

F

So uh no no big changes but I do think there have been some improved edits and, and hopefully we can make it even more readable.

A

So if I'm hearing you right Nick, there will be you're requesting a few additional changes and then we can progress. Is that right.

F

That's right.

A

Thanks for that, Niels I, don't know if you wanted to respond, but I'm going to as a co-author, with my hat on I'll need to look over what those are in terms of what timeline I. Think that will take okay, great Neil says thanks we'll work on it all right, so we do have one more um piece of work that I would um didn't put on this slide, but is in our agenda. So apologies to Sophia for that Sophia come on the mic and I know you have slides as well.

A

You can um you can go ahead and share those or I can share them and pass you, but I think all right go ahead and tell us all about it, because I've not got on the slides there. You are perfect.

J

There you go uh so hey everybody. um We also wanted to talk a little bit about upcoming work. That is happening right now. This is not an official draft, but there's some work that has been happening over at GitHub, so it's just kind of a Call of our actions of a call for action on. If you want to be part of this effort as well, so you can involve yourself on it or if you have any other ideas or what should be part of this work, you can give us also a feedback.

J

So this is a draft that we have been putting together. That was born from the Las ietf ITF 114. We had an invited from Sita um Lana ramij, who gave a presentation about how digital tools and different protocols and different technology is used to enhance intimate partner violence, and in this case we think about intimate partner balance of any kind of balance that is executed with a partner, but also someone you have a intimate relationship with. It could be a caregiver.

J

It could be your parents, it could be someone else, it doesn't have to be always a romantic or sexual relationships.

J

um So basically, we because of that presentation we decided to create a document that tries to provide the standards with recommendations that that, if they are put in certain kind of protocols or systems or any kind of technology that they are describing, what kind of implications can that technology have into enhance abuse in the cases of domestic abuse or, more broadly, in the case of intimate partner violence. So we put together already a kind of a structure of a draft there's already some definitions. So, for example, what is technology-based intimate partner balance?

J

What kind of attackers exist in this place um the specific abuse technology that happens in these cases, some recommendations to protocol designers and we also added security recommendations in case um there's some from security that has to be taken into account. So if you are very interested in this work, uh please join us in the GitHub or in the mailing list. If you think this all sounds reasonable, and this is structure sounds reasonable.

J

Also, let us know if you want anything else, also to be added, let us know, and if you want to participate actively, this draft also let us know and yep, just without a quick update on that. Thank you.

A

Because this is new work, I do actually want to open the queue or invite folks to get into the open queue for any questions about this. um For folks, maybe who didn't come or didn't watch the 114 session, you should it's a fantastic presentation, and so it's really wonderful to see. It's really wonderful. When we have speakers come and then those speakers Inspire work, that's actually the ideal case. It doesn't always happen. That's all right, but go ahead, Khan good to see you in the queue.

E

Hi, uh so just one quick question for clarification: first, uh this draft has not yet been submitted right. It's in progress.

J

No, it's a still in progress. um We do have the first initial structure on some texts and potentially in the next weeks, we mix with tracker yeah.

E

Okay, great thanks.

A

All right awesome! Thank you, Sophia! Okay, thank you, yeah thanks! So much so we have oh yeah. Go ahead. Colin.

E

uh I'll come back. I was expecting more people to comment on that, um so yeah uh Colin, Perkins uh I think this is a really important topic. um Obviously, I haven't read the draft since it's not yet been submitted, but uh I I would certainly encourage work in this space.

A

I'm really glad to hear that. Thank.

E

You.

A

So I'm I'm not going to pull up the chair slides again, but on our agenda we have a short amount of time for um cross-pollination from another working group in the ITF um Adrian. If you're here, you've put yourself in the aob on gnat, oh good, you're, remote, wonderful, so you can also load your slides or I can load them and pass them to you, whichever you prefer.

D

uh I, can uh you can hear me right? uh Yes, we can I can do the slides, fantastic.

D

um

D

Can you see them.

A

Not yet, but sometimes it takes a minute.

D

Oh wait: I have uh uh it's.

A

Fine, if you want to share your screen, but it might also be faster if you just share the slide. I, don't know I.

D

Cry: uh okay, let me uh you can uh do the slides, because uh Chrome is asking me to change permissions. Etc.

D

Okay, uh so I, um so um how you can go to um uh so yes, uh I'm involved in the ganap grant negotiation authorization protocol, uh which is a successor to oauth uh the editors uh were uh you know, editors and principals in uh much of the oauth and Uma uh protocol work um this slide uh and I'm going to go pretty quickly because I wanted very interested in feedback from the group, so there's only uh five slides but anyway, so uh this gets an authorization protocol has privacy issues, of course uh that are significant in the next slide.

D

I'll talk about that, but I am trying to and I've been invited to introduce a human rights consideration into the uh into the document for gnap, um where uh the issue that difference from privacy is that it doesn't consider delegation. It ignores the power asymmetry of the participants in the protocol and the hrpc force. Association uh perspective is directly applicable here.

D

So um what I'm trying to do is convince uh the work group. The gnap work group that unrestricted delegation to the authorization uh uh unrestricted as selection by the subject by the resource owner should be a must or should next slide. Please.

D

Okay, so uh just uh a quick review about what gun app is about. uh It specifies an authorization server that processes requests from a requesting party uh and provides it's a token Factory, what they call and provides access tokens authorizations to access a resource server. This is a list of the Privacy interests that all meet at the authorization server and in particular, what I'm concerned about here is to avoid lock-in to the resource server business.

D

To avoid the ability to have policy surveillance, uh the resource owner's policy should stay either entirely to themselves or to our surrogate, a delegate that they choose and to avoid the opportunity for traffic analysis uh by the uh buy and authorization server processing request that, where that authorization server wasn't selected by the resource owner next slide, please.

D

um And uh I, uh the last ITF uh I was asked to provide a PR uh there's a bunch of discussion after that, uh it's a human rights considerations. Pr I proposed three mitigations, uh but the issue is technically, all three of them uh are possible. uh The issue is whether these must be the human rights issue as I frame it, whether it should be a must or should rather than voluntary, uh next slide, please the last one.

D

So uh the call to action uh for hrpc and ganap is what you see on this slide. First of all, I'm not familiar with a lot of any much of the work in ietf, but it seems to me like an app is the best example for the concerns that are being discussed in hrpc at this time and I'm curious if there are any other examples that might be considered as good uh in recent memory um yesterday.

D

At this time there was a discussion uh which there's a link directly to about 15 minutes worth of 20 minutes worth of discussion in the ganap work group. What's interesting here is that the various commenters and editors and chairs as individuals not necessarily uh officially basically pointed out that uh agreed that hyperscale platforms are an unintended concert, sequence of the way, oauth links the authorization server and the resource server. They discussion of the fact that regulatory capture is a risk and I.

D

Think people in this audience understand all about that and um they mention uh how ganap is intended to work with these standardized verifiable credentials and decentralized identifiers that are coming out of uh w3c and the Linux Foundation as data models. But standardizing these uh data models has a huge potential for Mass surveillance.

D

Now that didn't exist before with less standardized or, of course, analog physical credentials.

D

So uh my claim is that forced association with hyperscale platforms is not not no longer an unintended consequence as it was with uh oauth uh and uh therefore it has to be dealt with uh in the nap by uh making uh hands delegation a must or should. Thank you.

A

Thank you and thank you for bringing this work in to hlpc. I know that um gnap or gnap met yesterday and I. Don't know if there was also a parallel discussion in the working group about uh this issue. I I myself was unable to go because I had a conflict. Can you just give us an indication of how that conversation went yesterday or whether it did.

D

uh Well, I can do better than that. One of the editors uh Fabian uh has agreed to and he's on the Queue. So thank you I. Yes,.

A

Thanks yeah welcome well.

I

Hello. Everyone uh thanks thanks for this Adrian, it's a very interesting work, uh just to say that I'm, one of the creditors of nap, uh we are taking this work very seriously. um It's just as was discussed earlier in one of your previous comments. uh We are quite aware that we need to do security analysis, where we also need to do privacy analysis and we are putting measures in place and for us it's it's kind of something.

I

That's new for us to actually put put measures in place against human rights uh consequences, so that's at least something where I think we would need some. Some additional support and I think that's kind of the message from Adrian, and we we'd like to thank him for that and yesterday it was it was discussed in the group, and actually it was one of the main points where a debate was was quite open.

I

um The main problem we have is is really to find actual technical ways to to do that in in practice, and so that's what we're working on. So. Thank you very much.

A

Foreign thanks for that overview, I suggest, because we've run out of time that um you engage both in the hrpc list and asking for folks from this group to potentially engage in gnap um directly and um talk about that there.

A

Although because this is maybe a Cross Research group cross working group topic, um I would encourage folks to try to CC both lists um as the conversation progresses, but I don't think we can get into it too much more now, although I will wait just a moment in case there are folks in the room um who've not yet signaled. They want to be in the queue all right again, uh thanks, yeah Colin! Please always it's.

E

Friday I didn't move that quickly, um uh Colin Perkins, uh so I I know absolutely nothing about the map other than reading the draft abstract in the last sort of 30 seconds, or so um from what you've been saying. That there's clearly things that that are worth discussing with this group um I think one of the challenges is perhaps going to be uh connecting the two sets of people with very, very different uh expertise, um and so uh I think uh you know, as Mallory says, posting to the lists is, is a good way forward.

E

It may also be useful to make some direct connections and set up some small groups to discuss to avoid the two. The two sets of people with such different backgrounds talking past each other.

A

So just a plea on the mic and to the group, if you are interested in this you've engaged in hrpc you're familiar with um reviewing documents, if you can just indicate to me um at some point or call an event that you want to engage in this, be really grateful for your help and thanks again to the folks uh who brought this both Adrian and Fabian for coming on. Mike um I will just so just to stop this particular discussion and tap very quickly.

A

To the last um of my slides, there's been some suggestions, um also coming from me frankly that um perhaps we could consider a slight recharter. I will also note that we, um the research group, was recently reviewed by the IAB and um that's a process that happens occasionally and I I myself have gone through two um two of those um reviews, and it's just maybe a good time to reflect so I've. Had some I've had some of my own thoughts on what a recharter might look like.

A

I was hoping to go through them with you in this meeting, but there's not really much time. So again, like would just say. Maybe this is a. This is definitely a conversation we'll take to the list um and we'll welcome your feedback in that list discussion.

A

We can also, maybe make sure to allocate more time to this at the 116 meeting in Yokohama since you're not able to totally read it right now, of course, I understand, um but I think the goal would just be to take on some of the feedback that was delivered here today.

A

Even about our ability to do um reviews um bring others along into this work, mainstream it a bit more in the rest of the community and also be able to take on a bit maybe what more we're thinking in terms of policy discussions, because it's not a word that we typically use- or it's not even present in the charter as currently, but certainly something that we in fact are um are doing so to to make that and expose that make it more explicit and expose that um I think might be actually be a useful exercise.

A

Those are just my personal thoughts as the chair, um but Sophia and I will do our best to facilitate a conversation on the list and then at the next meeting. So I apologize that we ran out of time. I really want to appreciate our speakers. I think it was worthwhile taking the time to hear them all out and especially just to take us back to the beginning.

A

I think it was really useful to have Tara talk about a lot of situation, because you can turn on CNN and see it in the cycle, um and it's just no, knowing that there is actually a touchstone in our community to Allah and his case, and it's not just an abstract human rights abuse case. I hope has moved you as much as it um has been moving me to read about the situation. All right thanks, everybody we're going to close now.

A

Thank you.

A

Very much.

A

Foreign.

K

Foreign.