[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00

Human Rights Protocol Considerations Research Group         N. ten Oever
Internet-Draft                                                ARTICLE 19
Intended status: Informational                          G. Perez de Acha
Expires: September 13, 2017                           Derechos Digitales
                                                          March 12, 2017

                 Freedom of Association on the Internet


   This documents aims to document the relation between Internet
   protocols and the right to freedom of assembly and association.  The
   Internet increasingly mediates our lives and thus the ability to
   excercise human rights.  Since Internet protocols play a central role
   in the management, development and use of the Internet the relation
   between the two should be documented and adverse impacts on this
   human right should be mitigated.  On the other hand there have also
   been methods of protest, a form of freedom of assembly, on the
   Internet that have been harmful to Internet connectivity and the
   Internet infrastructure, such as DDoS attacks.  This document aims to
   document forms of protest, association and assembly that do not have
   a negative impact on the Internet infrastructure.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 13, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

ten Oever & Perez de AcExpires September 13, 2017               [Page 1]

Internet-Draft                     FoA                        March 2017

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Vocabulary used . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Research questions  . . . . . . . . . . . . . . . . . . . . .   5
   4.  Cases and examples  . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  Communicating . . . . . . . . . . . . . . . . . . . . . .   5
       4.1.1.  Mailinglists  . . . . . . . . . . . . . . . . . . . .   5
       4.1.2.  Multi party video conferencing and risks  . . . . . .   5
       4.1.3.  Reaching out  . . . . . . . . . . . . . . . . . . . .   6
     4.2.  Working together (peer production)  . . . . . . . . . . .   7
       4.2.1.  Version control . . . . . . . . . . . . . . . . . . .   8
     4.3.  Grouping together (identities)  . . . . . . . . . . . . .   8
       4.3.1.  DNS . . . . . . . . . . . . . . . . . . . . . . . . .   8
       4.3.2.  ISPs  . . . . . . . . . . . . . . . . . . . . . . . .   8
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   8.  Research Group Information  . . . . . . . . . . . . . . . . .   8
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     9.1.  Informative References  . . . . . . . . . . . . . . . . .   9
     9.2.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Freedom of assembly and freedom of association are two human rights
   that protect and enable collective action and expression [UDHR]
   [ICCPR].  This is important because causes and opinions take more
   force within a group of people that come together for the same means

   The difference between the freedom of assembly and the freedom of
   associotiation is merely gradual one.  An assembly is an intentional
   and temporary gathering of a collective in a private or public space
   for a specific purpose: demonstrations, inside meetings, strikes,
   processions, rallies or even sits-in [UNHRC].  The right to protest
   is one of the rights encompassed by freedom of assembly, but also

ten Oever & Perez de AcExpires September 13, 2017               [Page 2]

Internet-Draft                     FoA                        March 2017

   exercised along with freedom of expression and the right to hold an
   opinion.  Nonetheless, protest unlike assembly, implies an element of
   dissent that can be exercised individually, where as assembly always
   has a collective component [ARTICLE19].

   Association on the other hand has a more formal nature.  It refers to
   a group of individuals or any legal entities brought together in
   order to collectively act, express, promote, pursue or defend a field
   of common interests [UNGA].  This means civil society organizations,
   clubs, cooperatives, NGOs, religious associations, political parties,
   trade unions, foundations or even online associations as the Internet
   has been instrumental, for instance, in 'facilitating active citizen
   participation in building democratic societies' [UNHRC].

   In less democratic or authoritarian countries, online association and
   assembly has been crucial to mobilise groups and people, where
   physical gatherings have been impossible or dangerous [APC].  Both
   rights protect the right to join or leave a group of choice.  Thus
   any collective, gathered for peaceful purposes, is protected by these

   In draft-irtf-hrpc-research the relationship between human rights and
   Internet protocols has been shown, and guidelines for considerations
   of human rights impact in protocol design have been provided.

   Further research is needed to understand the exact shape, extend and
   form of Internet protocols on human rights.  This document aims to
   break down the relationship between Internet protocols and the right
   to freedom of assembly and association.

   The right to privacy and the right to freedom of expression are the
   most discussed human rights when it comes to the Internet.  Still we
   must recognize that communities, collaboration and joint action lie
   at the heart of the Internet.

   Even at at linguistical level, the words "networks" and
   "associations" are close synonyms.  Both interconnected groups and
   association of persons depend on "links" and "relationships" [Swire].
   One could even argue that as a whole, the networked internet
   constitutes a big collective, and thus an assembly and an

   On the other hand, IETF itself, defined as a 'open global community'
   of network designers, operators, vendors, and researchers, is also
   protected by freedom of assembly and association [RFC3233].
   Discussion, comments and consensus around RFCs are possible because
   of the collective expression that freedom of association and assembly
   allow.  The very word "protocol" found its way into the language of

ten Oever & Perez de AcExpires September 13, 2017               [Page 3]

Internet-Draft                     FoA                        March 2017

   computer networking based on the need for collective agreement among
   network users [HafnerandLyon].

   Throughtout the world -from the Arab Spring to Latin American student
   movements- the Internet has also played a crucial role by providing a
   means for the fast dissemination of information that was otherwise
   mediated by broadcast media, or even forbidden by the government
   [Pensado].  According to Hussain and Howard the Internet helped to
   'build solidarity networks and identification of collective
   identities and goals', facilitate protest, 'extend the range of local
   coverage to international broadcast networks' and as platform for
   contestation for the future of 'the future of civil society and
   information infrastructure' [HussainHoward].

   However, some of these examples go beyond the use of Internet
   protocols and flow over into the applications layer or association in
   the offline world, whereas we'll focus on the Internet protocols and

   This can be contrasted with the example of association on the
   infrastructure level (albeit one can contest wether this is
   'peaceful') of Distributed Denial of Service Attacks (DDoS) in which
   the infrastructure of the Internet is used to express discontent with
   a specific cause [Abibil] [GreenMovement].  Unfortunately more of
   than not DDoS are used to stifle freedom of expression, complicate
   the ability of independent media and human rights organizations to
   exercise their right to (online) freedom of association, while
   facilitating the ability of governments to censor dissent.  This is
   one of the reasons protocols should seek to mitigate DDoS attacks

   This document will further seek to map how the internet architecture
   impacts freedom of association and assembly.

2.  Vocabulary used

   Anonymity  The condition of an identity being unknown or concealed.

   Censorship resistance  Methods and measures to mitigate Internet

   Connectivity  The extent to which a device or network is able to
      reach other devices or networks to exchange data.  The Internet is
      the tool for providing global connectivity [RFC1958].  Different
      types of connectivity are further specified in [RFC4084].  The
      combination of the end-to-end principle, interoperability,
      distributed architecture, resilience, reliability and robustness

ten Oever & Perez de AcExpires September 13, 2017               [Page 4]

Internet-Draft                     FoA                        March 2017

      are the enabling factors that result in connectivity to and on the

   Decentralization  Implementation or deployment of standards,
      protocols or systems without one single point of control.

   Pseudonymity  The ability to disguise one's identity online with a
      different name than the "real" one, allowing for diverse degrees
      of disguised identity and privacy.  It is strengthened when less
      personal data can be linked to the pseudonym; when the same
      pseudonym is used less often and across fewer contexts; and when
      independently chosen pseudonyms are more frequently used for new
      actions (making them, from an observer's or attacker's
      perspective, unlinkable)."  [RFC6973]

3.  Research questions

   How does the internet architecture enables and/or inhibits freedom of
   association and assembly.

4.  Cases and examples

4.1.  Communicating

4.1.1.  Mailinglists

   Since the beginning of the Internet mailing lists have been a key
   site of assembly and association [RFC0155] [RFC1211].  In fact,
   mailing lists were one of the Internet's first functionalities

   In 1971, four years after the invention of email, the first mailing
   list was created to discuss the idea of using Arpanet for discussion.
   By this time, what had initially propelled the Arpanet project
   forward as a resource sharing platform was gradually replaced by the
   idea of a network as a means of bringing people together [Abbate].
   More than 45 years after, mailing lists are pervasive and help
   communities to engage, have discussion, share information, ask
   questions, and build ties.  Even as social media and discussion
   forums grew, mailing lists continue to be widely used
   [AckermannKargerZhang].  They are a crucial tool to organise groups
   and individuals around themes and causes [APC].

4.1.2.  Multi party video conferencing and risks

   'Beginning in early 2008, Iranian security entities have engaged in
   operations to identify and arrest administrators of "illicit"
   websites and social media groups.  In recent years, the detention and

ten Oever & Perez de AcExpires September 13, 2017               [Page 5]

Internet-Draft                     FoA                        March 2017

   interrogation of members of online communities has been publicized by
   state media for propaganda purposes.  However, the heavy-handedness
   of the government has also inadvertently created a situation where
   Iranian users are better positioned than others to avoid some
   surveillance activities - increasing the burden of finding
   pseudonymous users.'  [AndersonGuarnieri].

   'The WebRTC protocol was designed to enable responsive real-time
   communications over the Internet, and is instrumental in allowing
   streaming video and conferencing applications to run in the browser.
   In order to easily facilitate direct connections between computers
   (bypassing the need for a central server to act as a gatekeeper),
   WebRTC provides functionality to automatically collect the local and
   public IP addresses of Internet users (ICE or STUN).  These functions
   do not require consent from the user, and can be instantiated by
   sites that a user visits without their awareness.  The potential
   privacy implications of this aspect of WebRTC are well documented,
   and certain browsers have provided options to limit its behavior.'

   'The disclosure of network addresses presents a specific risk to
   individuals that use privacy tools to conceal their real IP address
   to sites that they visit.  Typically, when a user browses the
   Internet over a VPN, the only address that should be recorded by
   sites they visit would be that of the VPN provider itself.  Using the
   WebRTC STUN function allows a site to additionally enumerate the
   addresses that are associated with the computer that the visitor is
   using - rather than those of intermediaries.  This means that if a
   user is browsing the Internet on an ADSL connection over a VPN, a
   malicious site they visit could potentially surreptitious record the
   home address of the user.'  [AndersonGuarnieri].

4.1.3.  Reaching out

   In the 1990s as the internet became more and more commercial, spam
   came to be defined as irrelevant or unsolicited messages that were
   porsted many times to multiple news groups or mailing lists [Marcus].
   Here the question of consent is crucial.  In the 2000s a large part
   of the discussion revolved around the fact that certain corporations
   -protected by the right to freedom of association- considered spam to
   be a form of "comercial speech", thus encompassed by free expression
   rights [Marcus].  Nonetheless, if we consider that the rights to
   assembly and association also mean that "no one may be compelled to
   belong to an association" [UDHR], spam infringes both rights if an
   op-out mechanism is not provided and people are obliged to receive
   unwanted information, or be reached by people they do not know.

ten Oever & Perez de AcExpires September 13, 2017               [Page 6]

Internet-Draft                     FoA                        March 2017

   This leaves us with an interesting case: spam is currently handled
   mostly by mailproviders on behalf of the user, next to that countries
   are increasingly adopting opt-in regimes for mailinglists and
   commercial e-mail, with a possibility of serious fines in case of

   This protects the user from being confronted with unwanted messages,
   but it also makes it legally and technically very difficult to
   communite a message to someone who did not explicitly ask for this.
   In the public offline spaces we regularly get exposed to flyers,
   invitations or demonstrations where our opinions get challenged, or
   we are invited to consider different viewpoints.  There is no
   equivalent on the Internet with the technical and legal regime that
   currently operates in it.  In other words, it is nearly impossible
   impossibility to provide information, in a proportionate manner, that
   someone is not explicility expecting or asking for.  This reinforces
   a concept that is regularly discussed on the application level,
   called 'filter bubble': "The proponents of personalization offer a
   vision of a custom-tailored world, every facet of which fits us
   perfectly.  It's a cozy place, populated by our favorite people and
   things and ideas."  [Pariser].  "The filter bubble's costs are both
   personal and cultural.  There are direct consequences for those of us
   who use personalized filters.  And then there are societal
   consequences, which emerge when masses of people begin to live a
   filter bubbled-life (...).  Left to their own devices,
   personalization filters serve up a kind of invisible autopropaganda,
   indoctrinating us with our own ideas, amplifying our desire for
   things that are familiar and leaving us oblivious to the dangers
   lurking in the dark territory of the uknown."  [Pariser].  It seem
   that the 'filter bubble'-effect can also be observed at the
   infrastructure level, which actually strenghtens the impact and thus
   hampers the effect of collective expression.

   There have been creative alternative for this problem, such as when a
   message was distributed to the server logs of millons of servers
   through the 'masscan'-tool [Cox].

4.2.  Working together (peer production)

   At the organizational level, peer production is one of the most
   relevant innovations from Internet mediated social practices.
   According to Benkler, it implies 'open collaborative innovation and
   creation, performed by diverse, decentralized groups organized
   principally by neither price signals nor organizational hierarchy,
   harnessing heterogeneous motivations, and governed and managed based
   on principles other than the residual authority of ownership
   implemented through contract.'  [Benkler].

ten Oever & Perez de AcExpires September 13, 2017               [Page 7]

Internet-Draft                     FoA                        March 2017

4.2.1.  Version control

   Ever since developers needed to collaboratively write, maintain and
   discuss large code basis for the Internet there have been different
   approaches of doing so.  One approach is discussing code through
   mailing lists, but this has proven to be hard in case of maintaining
   the most recent versions.  There are many different versions and
   characteristics of version control systems.

   Centralization - differences (and gradients) between free (as in
   beer) and free (as in freedom).  Git vs Github.

4.3.  Grouping together (identities)

   Collective identities are also protected by freedom of association
   and assembly rights.  Acording to Melucci these are 'shared
   definitions produced by several interacting individuals who are
   concerned with the orientation of their action as well as the field
   of opportunities and constraints in which their action takes place.'

4.3.1.  DNS

   Advantages and disadvantages

4.3.2.  ISPs

   Access, diversity and forced association

5.  Acknowledgements

6.  Security Considerations

   As this draft concerns a research document, there are no security

7.  IANA Considerations

   This document has no actions for IANA.

8.  Research Group Information

   The discussion list for the IRTF Human Rights Protocol Considerations
   Research Group is located at the e-mail address hrpc@ietf.org [1].
   Information on the group and information on how to subscribe to the
   list is at https://www.irtf.org/mailman/listinfo/hrpc

ten Oever & Perez de AcExpires September 13, 2017               [Page 8]

Internet-Draft                     FoA                        March 2017

   Archives of the list can be found at: https://www.irtf.org/mail-

9.  References

9.1.  Informative References

   [Abbate]   Janet Abbate, ., "Inventing the Internet", Cambridge: MIT
              Press (2013): 11. , 2013, <https://mitpress.mit.edu/books/

   [Abibil]   Danchev, D., "Dissecting 'Operation Ababil' - an OSINT
              Analysis", 2012, <http://ddanchev.blogspot.be/2012/09/

              Ackerman, M., Karger, D., and A. Zhang, "Mailing Lists:
              Why Are They Still Here, What's Wrong With Them, and How
              Can We Fix Them?", Mit. edu (2017): 1. , 2017,

              Anderson, C. and C. Guarnieri, "Fictitious Profiles and
              webRTC's Privacy Leaks Used to Identify Iranian
              Activists", 2016,

   [APC]      Association for Progressive Communications and . Gayathry
              Venkiteswaran, "Freedom of assembly and association online
              in India, Malaysia and Pakistan. Trends, challenges and
              recommendations.", 2016,

              ARTICLE 19, "The Right to Protest Principles: Background
              Paper", 2016,
              Protest-Background-paper-Final-April-2016.pdf page 7>.

   [BCP72]    IETF, "Guidelines for Writing RFC Text on Security
              Considerations", 2003, <https://datatracker.ietf.org/doc/

ten Oever & Perez de AcExpires September 13, 2017               [Page 9]

Internet-Draft                     FoA                        March 2017

   [Benkler]  Benkler, Y., "Peer Production and Cooperation", 2009,

   [Cox]      Cox, J., "Chaos Communication Congress Hackers Invaded
              Millions of Servers With a Poem", 2016,

              Villeneuve, N., "Iran DDoS", 2009,

              Hafnerand, K. and M. Lyon, "Where Wizards Stay Up Late.
              The Origins of the Internet", First Touchstone Edition
              (1998): 93. , 1998, <https://doi.org/10.1111/misr.12020>.

              Hussain, M. and P. Howard, "What Best Explains Successful
              Protest Cascades? ICTs and the Fuzzy Causes of the Arab
              Spring", Int Stud Rev (2013) 15 (1): 48-66. , 2013,

   [ICCPR]    United Nations General Assembly, "International Covenant
              on Civil and Political Rights", 1976,

   [Marcus]   Marcus, J., "Commercial Speech on the Internet: Spam and
              the first amendment", 1998, <http://www.cardozoaelj.com/

   [Melucci]  Melucci, A., "The Process of Collective Identity", Temple
              University Press, Philadelphia , 1995.

   [Pariser]  Pariser, E., "The Filter Bubble: How the New Personalized
              Web Is Changing What We Read and How We Think", Peguin
              Books, London. , 2012.

   [Pensado]  Jaime Pensado, ., "Student Activism. Utopian Dreams.",
              ReVista. Harvard Review of Latin America (2012). , 2012,

   [RFC0155]  North, J., "ARPA Network mailing lists", RFC 155,
              DOI 10.17487/RFC0155, May 1971,

ten Oever & Perez de AcExpires September 13, 2017              [Page 10]

Internet-Draft                     FoA                        March 2017

   [RFC1211]  Westine, A. and J. Postel, "Problems with the maintenance
              of large mailing lists", RFC 1211, DOI 10.17487/RFC1211,
              March 1991, <http://www.rfc-editor.org/info/rfc1211>.

   [RFC1958]  Carpenter, B., Ed., "Architectural Principles of the
              Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996,

   [RFC3233]  Hoffman, P. and S. Bradner, "Defining the IETF", BCP 58,
              RFC 3233, DOI 10.17487/RFC3233, February 2002,

   [RFC4084]  Klensin, J., "Terminology for Describing Internet
              Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084,
              May 2005, <http://www.rfc-editor.org/info/rfc4084>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,

   [Swire]    Peter Swire, ., "Social Networks, Privacy, and Freedom of
              Association: Data Empowerment vs. Data Protection", North
              Carolina Law Review (2012) 90 (1): 104. , 2012,
              <https://ssrn.com/abstract=1989516 or

              de Tocqueville, A., "Democracy in America", n.d., <http://
              democracy_in_america_vol_2.pdf p. 304>.

   [UDHR]     United Nations General Assembly, "The Universal
              Declaration of Human Rights", 1948,

   [UNGA]     Hina Jilani, ., "Human rights defenders", A/59/401 , 2004,
              view_doc.asp?symbol=A/59/401 para. 46>.

ten Oever & Perez de AcExpires September 13, 2017              [Page 11]

Internet-Draft                     FoA                        March 2017

   [UNHRC]    Maina Kiai, ., "Report of the Special Rapporteur on the
              rights to freedom of peaceful assembly and of
              association", A/HRC/20/27 , 2012,

9.2.  URIs

   [1] mailto:hrpc@ietf.org

Authors' Addresses

   Niels ten Oever

   EMail: niels@article19.org

   Gisela Perez de Acha
   Derechos Digitales

   EMail: gisela@derechosdigitales.org

ten Oever & Perez de AcExpires September 13, 2017              [Page 12]

Html markup produced by rfcmarkup 1.121, available from https://tools.ietf.org/tools/rfcmarkup/