
Human Rights Protocol Considerations Research Group             J. Varon
Internet-Draft                                             Coding Rights
Intended status: Informational                                   C. Cath
Expires: January 7, 2016                       Oxford Internet Institute
                                                           July 06, 2015


            Human Rights Protocol Considerations Methodology
                    draft-varon-hrpc-methodology-00

Abstract

   This document presents steps undertaken for developing a methodology
   to map engineering concepts at the protocol level that may be related
   to promotion and protection of Human Rights, particularly the right
   to freedom of expression and association.  It feeds upon and is
   intended to facilitate the work done by the proposed Human Rights
   Protocol Considerations research group, as well as other authors
   within the IETF.

   Exemplary work [RFC1984] [RFC6973] [RFC7258] has already been done in
   the IETF on privacy issues that should be considered when creating an
   Internet protocol.  But, beyond privacy considerations, concerns for
   freedom of expression and association were also a strong part of the
   world-view of the community involved in developing the first Internet
   protocols.  Indeed, promoting open, secure and reliable connectivity
   is essential for these rights.  But how are these concepts addressed
   at the protocol level?  Are there others?  This ID is intended to
   explain research work done so far and to explore possible
   methodological approaches to move further on exploring and exposing
   the relations between standards and protocols and the promotion and
   protection of the rights to freedom of expression and association.

   Discussion on this draft at: hrpc@irtf.org //
   https://www.irtf.org/mailman/admindb/hrpc

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any



Varon & Cath             Expires January 7, 2016                [Page 1]


Internet-Draft                    hrpcm                        July 2015


   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 7, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Research Topic
   3.  Methodology
     3.1.  Translating Human Rights Concept into Technical Definitions
     3.2.  Map cases of protocols being exploited or enablers
     3.3.  Apply human rights technical definitions to the cases mapped
   4.  Preliminary findings achieved by applying current proposed
       methodology
     4.1.  Translating Human Rights Concept into Technical Definitions
     4.2.  Current Status:
     4.3.  Current Status:
     4.4.  Current status:
     4.5.  Current status:
   5.  Next Steps of the Methodology still to be applied
     5.1.  Map cases of protocols being exploited or enablers
     5.2.  Apply human rights technical definitions to the cases mapped
   6.  Next Steps of the Methodology still to be developed
     6.1.  Future research questions
   7.  Security Considerations
   8.  IANA Considerations
   9.  Research Group Information
   10. References
     10.1.  Informative References
     10.2.  URIs

1.  Introduction

   In a manner similar to the work done for [RFC6973] on Privacy
   Consideration Guidelines, the premise of this research is that some
   standards and protocols can solidify, enable or threaten human
   rights.

   As stated in [RFC1958], the Internet aims to be the global network of
   networks that provides unfettered connectivity to all users at all
   times and for any content.  Our research hypothesis is that the
   Internet's objective of connectivity makes it an enabler of human
   rights and that its architectural design tends to converge in
   protecting and promoting the human rights framework.

   Open, secure and reliable connectivity is essential for human rights
   such as freedom of expression and freedom of association, as defined
   in the Universal Declaration of Human Rights [UDHR].  Therefore,
   considering connectivity as the ultimate objective of the Internet
   makes a clear case that the Internet is not only an enabler of human
   rights, but that human rights lie at the basis of, and are ingrained
   in, the architecture of the network.

   But, while the Internet was designed with freedom and openness of
   communications as core values, as the scale and the commercialization
   of the Internet have grown greatly, the influence of such world-views
   started to compete with other values.  Therefore, decisive and human
   rights enabling characteristics of the Internet might be degraded if
   they're not properly defined, described and protected as such.
   Conversely, not protecting these characteristics could also result in
   (partial) loss of functionality and connectivity, and thus affect the
   Internet architecture design itself.

   An essential part of maintaining the Internet as a tool for
   communication and connectivity is security.  Indeed, "development of
   security mechanisms is seen as a key factor in the future growth of
   the Internet as a motor for international commerce and communication"
   [RFC1984] and according to the Danvers Doctrine [RFC3365], there is
   an overwhelming consensus in the IETF that the best security should
   be used and standardized.

   In [RFC1984], the Internet Architecture Board (IAB) and the Internet
   Engineering Steering Group (IESG), the bodies which oversee
   architecture and standards for the Internet, expressed: "concern by
   the need for increased protection of international commercial
   transactions on the Internet, and by the need to offer all Internet
   users an adequate degree of privacy."  Indeed, the IETF has been
   doing a significant job in this area [RFC6973] [RFC7258], considering
   privacy concerns as a subset of security concerns.

   Besides privacy, it should be possible to highlight other aspects of
   connectivity embedded in standards and protocols that can have human
   rights considerations, such as freedom of expression and the right to
   association and assembly online.  This ID intends to explain
   research work done so far and explore possible methodological
   approaches to move further on exploring and exposing these relations
   between standards and protocols and the promotion and protection of
   the rights to freedom of expression and association.

   To move this debate further, information has been compiled at
   https://datatracker.ietf.org/rg/hrpc/ and discussions are happening
   through the list hrpc@irtf.org.

   This document builds on the previous IDs published within the
   framework of the proposed hrpc research group [ID].

2.  Research Topic

   The growing impact of the Internet on the lives of individuals makes
   Internet standards and protocols increasingly important to society.
   The IETF itself, in [RFC2026], specifically states that the
   'interests of the Internet community need to be protected'.  There
   are various examples of protocols and standards having a direct
   impact on society, and by extension the human rights of end-users.
   Privacy is just one example.  Therefore, this proposal for a research
   methodology addresses as research topics the rights to freedom of
   expression and association and their relation to standards and
   protocols.

   These two rights are described in the Universal Declaration of Human
   Rights:

   Article 19 - Freedom of Expression (FoE) "Everyone has the right to
   freedom of opinion and expression; this right includes freedom to
   hold opinions without interference and to seek, receive and impart
   information and ideas through any media and regardless of frontiers."

   Article 20 - Freedom of Association (FoA) "Everyone has the right to
   freedom of peaceful assembly and association."

   But how to talk about human rights in an engineering context?

   But can we translate these concepts into Internet architecture
   technical terms?

   What standards and protocols could have any relationship with freedom
   of expression and association?

   What are the possible relationships between them?

3.  Methodology

   Mapping the relation between human rights and protocols and
   architectures is a new research challenge, which requires a good
   amount of interdisciplinary and cross-organizational cooperation to
   develop a consistent methodology.  While the authors of this first
   draft are involved in both human rights advocacy and research on
   Internet technologies, we believe that bringing this work into the
   IRTF facilitates and improves it by bringing human rights experts
   together with the community of researchers and developers of
   Internet standards and technologies.

   In order to map the potential relation between human rights and
   protocols, the HRPC proposed research group has so far gathered data
   from three specific sources:

   a.  Discourse analysis of RFCs

   To start addressing the issue, a mapping exercise analyzing Internet
   architecture and protocol features vis-a-vis their possible impact on
   human rights is being undertaken.  Therefore, research on the
   language used in current and historic RFCs and mailing list
   discussions is underway to expose core architectural principles,
   language and deliberations on human rights of those affected by the
   network.

   b.  Interviews with members of the IETF community during the Dallas
   meeting of March 2015

   Interviews were conducted with current and past members of the
   Internet Architecture Board (IAB), current and past members of the
   Internet Engineering Steering Group (IESG), chairs of selected
   working groups and RFC authors, to get an insider understanding of
   how they view the relationship (if any) between human rights and
   protocols playing out in their work.

   c.  Participant observation in Working Groups

   By participating in various working groups, information was gathered
   about the IETF's day-to-day work, from which general themes and use
   cases about human rights and protocols were extracted.

   All this data was then processed using the following three
   consecutive strategies:

3.1.  Translating Human Rights Concept into Technical Definitions

   Step 1.1 - Mapping protocols and standards related to FoE and FoA

   Activity: Mapping of protocols and standards that potentially enable
   the Internet as a tool for freedom of expression.

   Expected Outcome: list of RFCs that describe standards and protocols
   that are potentially more closely related to FoE and FoA.

   Step 1.2 - Extracting concepts from mapped RFCs

   Activity: Read the selected RFCs to highlight central design and
   technical concepts which impact human rights.

   Expected Outcome 1: a list of technical terms that combined create
   the enabling environment for freedom of expression and freedom of
   association.

   Expected Outcome 2: Possible translations of human rights concepts to
   technical terms.

   Step 1.3 - Building a common glossary

   In the analysis of existing RFCs, central design and technical
   concepts shall be found which impact human rights.

   Expected Outcome: a Glossary for human rights protocol considerations
   with a list of concepts and definitions of technical concepts.

3.2.  Map cases of protocols being exploited or enablers

   Step 1.1 - Cases of protocols being exploited

   Activity 1: Map cases in which users' rights have been exploited,
   violated or compromised, and analyze which protocols or
   vulnerabilities in protocols are involved.

   Activity 2: Understand the technical rationale for the use of
   particular protocols that undermine human rights.

   Expected Outcome: list of protocols that have been exploited to
   expose users to rights violations, and the rationale.

   Step 1.2 - Cases of protocols being enablers

   Activity: Map cases in which users' rights have been enabled,
   promoted and protected, and analyze which characteristics in the
   protocols are involved.

   Expected Outcome: list of characteristics in the protocols that have
   been key to promoting and protecting the rights to freedom of
   expression and association and that could be added to our glossary.

3.3.  Apply human rights technical definitions to the cases mapped

   Step 1 - Glossary and Cases

   Activity: Investigate alternative technical options from within the
   list of technical design principles (see [HRPC-GLOSSARY]) that could
   have been applied in the mapped cases to strengthen our technical
   definition of FoE and FoA, and hence human rights and connectivity of
   the network.

   Expected Outcome: Identify best (and worst) current practices.
   Develop procedures to systematically evaluate protocols for potential
   human rights impact.

4.  Preliminary findings achieved by applying current proposed
    methodology

4.1.  Translating Human Rights Concept into Technical Definitions

   Step 1.1 - Mapping protocols and standards related to FoE and FoA

   Below are some examples of these protocols and standards that might
   be related to FoE and FoA:

   HTTP

   Websites made it extremely easy for individuals to publish their
   ideas, opinions and thoughts.  Never before has the world seen an
   infrastructure that made it this easy to share information and ideas
   with such a large group of other people.  The HTTP architecture and
   standards, including [RFC7230], [RFC7231], [RFC7232], [RFC7234],
   [RFC7235], [RFC7236], and [RFC7237], are essential for the publishing
   of information.  The HTTP protocol, therefore, forms a crucial
   enabler for freedom of expression, but also for the right to freely
   participate in the cultural life of the community (Article 27)
   [UDHR], to enjoy the arts and to share in scientific advancement and
   its benefits.

   Real time communications through XMPP and WebRTC

   Collaboration and cooperation via the Internet have taken a large
   step forward with the progress of chat and other real time
   communications protocols.  The work on XMPP [RFC6162] has enabled new
   methods of global interaction, cooperation and human rights advocacy.
   The WebRTC work being done by the World Wide Web Consortium (W3C) and
   the IETF to standardize the API and protocol elements to support
   real-time communications for browsers, mobile applications and IoT is
   another artifact enabling human rights globally on the Internet.

   Mailing lists

   Collaboration and cooperation have been part of the Internet since
   its early beginning; one of the instruments for facilitating working
   together in groups is the mailing list (as described in [RFC2639],
   [RFC2919], and [RFC6783]).  Mailing lists are critical instruments
   and enablers for group communication and organization, and therefore
   form early artifacts of the (standardized) ability of Internet
   standards to enable the right to freedom of assembly and association.

   IDNs

   English has been the lingua franca of the Internet, but for many
   Internet users English is not their first language.  To have a truly
   global Internet, one that serves the whole world, it would need to
   reflect the languages of these different communities.  The
   Internationalized Domain Names IDNA2008 RFCs ([RFC5890], [RFC5891],
   [RFC5892], and [RFC5893]) describe standards for the use of a broad
   range of strings and characters (some also written from right to
   left).  This enables users who use characters other than the standard
   LDH ASCII character set to have their own URLs.  This shows the
   ambition of the Internet community to reflect the diversity of users
   and to be in line with Article 2 of the Universal Declaration of
   Human Rights, which clearly stipulates that "everyone is entitled to
   all rights and freedoms [...], without distinction of any kind, such
   as [...] language [...]."  [UDHR]

4.2.  Current Status:

   Based on these standards and protocols, a raw list of RFCs that
   describe standards and protocols that are potentially related to FoE
   and FoA is available here:
   https://github.com/nllz/IRTF-HRPC/blob/master/RFC%20overview.ods

   Step 1.2 - Extracting concepts from mapped RFCs

   The list of RFCs compiled above has been used to extract our key
   concepts.

4.3.  Current Status:

   Expected Outcome 1: a list of technical terms that combined create
   the enabling environment for human rights, such as freedom of
   expression and freedom of association.

     Architectural principles                    Enabling features
       and characteristics                        for user rights

                      /------------------------------------------------\
                      |                                                |
    +=================|=============================+                  |
    =                 |                             =                  |
    =                 |           End to end        =                  |
    =                 |          Reliability        =                  |
    =                 |           Resilience        =  Access as       |
    =                 |        Interoperability     =   Human Right    |
    =    Good enough  |          Transparency       =                  |
    =     principle   |       Data minimization     =                  |
    =                 |  Permissionless innovation  =                  |
    =                 |     Graceful degradation    =                  |
    =                 |          Connectivity       =                  |
    =                 |                             =                  |
    =                 \------------------------------------------------/
    =                                               =
    +===============================================+



4.4.  Current status:

   Expected Outcome 2: Translating human rights to technical terms.
   This analysis points to translating the concept of freedom of
   expression as follows:

                            +--
                            |  content agnosticism
    freedom of expression = |  connectivity
                            |  privacy
                            |  security
                            +--

   Step 1.3 - Build a common glossary

4.5.  Current status:

   Expected Outcome: A first list of concepts, whose definitions should
   be improved and further aligned with existing RFCs, is being
   published as [ID].

5.  Next Steps of the Methodology still to be applied

5.1.  Map cases of protocols being exploited or enablers

5.2.  Apply human rights technical definitions to the cases mapped

6.  Next Steps of the Methodology still to be developed

6.1.  Future research questions

   All of the steps taken above raise the following questions that need
   to be addressed after the research methodological steps outlined
   above have been completed:

   How can the rights enabling environment be safeguarded in (future)
   protocol development?

   How can (nontransparent) human rights violations be minimized in
   (future) protocol development?

   Can we propose guidelines to protect the Internet as a human-rights-
   enabling environment in future protocol development, especially in
   relation to freedom of expression and freedom of association, in a
   manner similar to the work done for Privacy Considerations in
   [RFC6973]?

   Assuming that the research produces useful results, can the objective
   evolve into the creation of a set of recommended considerations for
   the protection of applicable human rights?

7.  Security Considerations

   As this draft concerns a research document, there are no security
   considerations.

8.  IANA Considerations

   This document has no actions for IANA.

9.  Research Group Information

   The discussion list for the IRTF Human Rights Protocol Considerations
   proposed working group is located at the e-mail address hrpc@ietf.org
   [1].  Information on the group and information on how to subscribe to
   the list is at https://www.irtf.org/mailman/listinfo/hrpc

   Archives of the list can be found at:
   https://www.irtf.org/mail-archive/web/hrpc/current/index.html

10.  References

10.1.  Informative References

   [HRPC-GLOSSARY]
              ten Oever, N., Doria, A., and D. Gillmor, "Human Rights
              Protocol Considerations Glossary", 2015,
              <https://www.ietf.org/id/draft-dkg-hrpc-glossary-00.txt>.

   [ID]       ten Oever, N., Doria, A., and J. Varon, "Proposal for
              research on human rights protocol considerations", 2015,
              <http://tools.ietf.org/html/draft-doria-hrpc-proposal>.

   [RFC1958]  Carpenter, B., "Architectural Principles of the Internet",
              RFC 1958, June 1996.

   [RFC1984]  IAB, IESG, Carpenter, B., and F. Baker, "IAB and IESG
              Statement on Cryptographic Technology and the Internet",
              RFC 1984, August 1996.

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC2639]  Hastings, T. and C. Manros, "Internet Printing
              Protocol/1.0: Implementer's Guide", RFC 2639, July 1999.

   [RFC2919]  Chandhok, R. and G. Wenger, "List-Id: A Structured Field
              and Namespace for the Identification of Mailing Lists",
              RFC 2919, March 2001.

   [RFC3365]  Schiller, J., "Strong Security Requirements for Internet
              Engineering Task Force Standard Protocols", BCP 61, RFC
              3365, August 2002.

   [RFC5890]  Klensin, J., "Internationalized Domain Names for
              Applications (IDNA): Definitions and Document Framework",
              RFC 5890, August 2010.

   [RFC5891]  Klensin, J., "Internationalized Domain Names in
              Applications (IDNA): Protocol", RFC 5891, August 2010.

   [RFC5892]  Faltstrom, P., "The Unicode Code Points and
              Internationalized Domain Names for Applications (IDNA)",
              RFC 5892, August 2010.

   [RFC5893]  Alvestrand, H. and C. Karp, "Right-to-Left Scripts for
              Internationalized Domain Names for Applications (IDNA)",
              RFC 5893, August 2010.

   [RFC6162]  Turner, S., "Elliptic Curve Algorithms for Cryptographic
              Message Syntax (CMS) Asymmetric Key Package Content Type",
              RFC 6162, April 2011.

   [RFC6783]  Levine, J. and R. Gellens, "Mailing Lists and Non-ASCII
              Addresses", RFC 6783, November 2012.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973, July
              2013.

   [RFC7230]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Message Syntax and Routing", RFC 7230, June
              2014.

   [RFC7231]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Semantics and Content", RFC 7231, June 2014.

   [RFC7232]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Conditional Requests", RFC 7232, June 2014.

   [RFC7234]  Fielding, R., Nottingham, M., and J. Reschke, "Hypertext
              Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June
              2014.

   [RFC7235]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Authentication", RFC 7235, June 2014.

   [RFC7236]  Reschke, J., "Initial Hypertext Transfer Protocol (HTTP)
              Authentication Scheme Registrations", RFC 7236, June 2014.

   [RFC7237]  Reschke, J., "Initial Hypertext Transfer Protocol (HTTP)
              Method Registrations", RFC 7237, June 2014.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, May 2014.

   [UDHR]     United Nations General Assembly, "The Universal
              Declaration of Human Rights", 1948,
              <http://www.un.org/en/documents/udhr/>.

10.2.  URIs

   [1] mailto:hrpc@ietf.org

Authors' Addresses

   Joana Varon
   Coding Rights

   EMail: joana@codingrights.org


   Corinne Cath
   Oxford Internet Institute

   EMail: corinne.cath@oii.ox.ac.uk