Human Rights Protocol Considerations Research Group D. Gillmor Internet-Draft ACLU Intended status: Informational N. ten Oever Expires: April 18, 2016 Article19 A. Doria APC October 16, 2015 Human Rights Protocol Considerations Glossary draft-dkg-hrpc-glossary-01 Abstract This document presents a glossary of terms used to map between concepts common in human rights discussions and engineering discussions. It is intended to facilitate work by the proposed Human Rights Protocol Considerations research group, as well as other authors within the IETF. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 18, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Gillmor, et al. Expires April 18, 2016 [Page 1] Internet-Draft hrpcg October 2015 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 5. Research Group Information . . . . . . . . . . . . . . . . . 8 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1. Informative References . . . . . . . . . . . . . . . . . 8 6.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction "There's a freedom about the Internet: As long as we accept the rules of sending packets around, we can send packets containing anything to anywhere." [Berners-Lee] The Human Rights Protocol Consideration Proposed Research Group aims to research whether standards and protocols can enable, strengthen or threaten human rights, as defined in the Universal Declaration of Human Rights [UDHR] and the International Covenant ons Civil and Political Rights [ICCPR], specifically, but not limited to the right to freedom of expression and the right to freedom of assembly. Comunications between people working on human rights and engineers working on Internet protocols can be improved with a shared vocabulary. This document aims to provide a shared vocabulary to facilitate understanding of the intersection between human rights and Internet protocol design. Discussion on this draft at: hrpc@irtf.org // https://www.irtf.org/mailman/admindb/hrpc This document builds on the previous IDs published within the framework of the proposed hrpc research group [ID] Gillmor, et al. Expires April 18, 2016 [Page 2] Internet-Draft hrpcg October 2015 2. Glossary In the analysis of existing RFCs central design and technical concepts have been found which impact human rights. This is an initial glossary of concepts that could bridge human rights discourse and technical vocabulary. These definitions should be improved and further aligned with existing RFCs. Accessibility Full Internet Connectivity as described in [RFC4084] to provide unfettered access to the Internet The design of protocols, services or implementation that provide an enabling environment for people with disabilities. The ability to receive information available on the Internet Anonymity The condition of an identity being unknown or concealed. [RFC4949] Anonymous A state of an individual in which an observer or attacker cannot identify the individual within a set of other individuals (the anonymity set). [RFC6973] Authenticity The act of confirming the truth of an attribute of a single piece of data or entity. Censorship resistance Methods and measures to prevent Internet censorship. Confidentiality The non-disclosure of information to any unintended person or host or party Connectivity The extent to which a device or network is able to reach other devices or networks to exchange data. The Internet is the tool for providing global connectivity [RFC1958]. Content-agnosticism Treating network traffic identically regardless of content. Debugging Debugging is a methodical process of finding and reducing the number of bugs, or defects, or malfunctions in a protocol or its implementation, thus making it behave as expected and analyse the consequences that might have emanated from the error. Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another. [WP-Debugging] Gillmor, et al. Expires April 18, 2016 [Page 3] Internet-Draft hrpcg October 2015 The process through which people troubleshoot a technical issue, which may include inspection of program source code or device configurations. Can also include tracing or monitoring packet flow. Decentralized Opportunity for implementation or deployment of standards, protocols or systems without one single point of control. End-to-End The principal of extending characteristics of a protocol or system as far as possible within the system. For example, end- to-end instant message encryption would conceal communications from one user's instant messaging application through any intermediate devices and servers all the way to the recipient's instant messaging application. If the message was decrypted at any intermediate point-for example at a service provider-then the property of end-to-end encryption would not be present. One of the key architectural guidelines of the Internet is the end-to-end principle in the papers by Saltzer, Reed, and Clark [Saltzer] [Clark]. The end-to-end principle was originally articulated as a question of where best not to put functions in a communication system. Yet, in the ensuing years, it has evolved to address concerns of maintaining openness, increasing reliability and robustness, and preserving the properties of user choice and ease of new service development as discussed by Blumenthal and Clark in [Blumenthal]; concerns that were not part of the original articulation of the end-to-end principle. [RFC3724] communication that takes place between communication end-points of the same physical or logical functional level Federation The possibility of connecting autonomous systems into a single distributed system. Heterogenity The Internet is characterized by heterogeneity on many levels: devices and nodes, router scheduling algorithms and queue management mechanisms, routing protocols, levels of multiplexing, protocol versions and implementations, underlying link layers (e.g., point-to-point, multi-access links, wireless, FDDI, etc.), in the traffic mix and in the levels of congestion at different times and places. Moreover, as the Internet is composed of autonomous organizations and internet service providers, each with their own separate policy concerns, there is a large heterogeneity of administrative domains and pricing structures. As a result, heterogeneity principle is proposed in [RFC1958] to be supported by design. [FIArch] Gillmor, et al. Expires April 18, 2016 [Page 4] Internet-Draft hrpcg October 2015 Integrity Maintenance and assurance of the accuracy and consistency of data to ensure it has not been (intentionally or unintentionally) altered Internet censorship Internet censorship is the intentional suppression of information originating, flowing or stored on systems connected to the Internet where that information is relevant for decision making to some entity. [Elahi] Inter-operable A property of a documented standard or protocol which allows different independent implementations to work with each other without any restricted negotiation, access or functionality. Internet Standards as an Arena for Conflict Pursuant to the principle of constant change, since the function and scope of the Internet evolves, so does the role of the IETF in developing standards. Internet standards are adopted on the basis of a series of criteria, including high technical quality, support by community consensus, and their overall benefit to the Internet. The latter calls for an assessment of the interests of all affected parties and the specifications' impact on the Internet's users. In this respect, the effective exercise of the human rights of the Internet users is a relevant consideration that needs to be appreciated in the standardization process insofar as it is directly linked to the reliability and core values of the Internet. [RFC1958] [RFC0226] [RFC3724] Internationalization (i13n) The practice of the adaptation and facilitation of protocols, standards, and implementation to different languages and scripts. Open standards Conform [RFC2606]: Various national and international standards bodies, such as ANSI, ISO, IEEE, and ITU-T, develop a variety of protocol and service specifications that are similar to Technical Specifications defined here. National and international groups also publish "implementors' agreements" that are analogous to Applicability Statements, capturing a body of implementation- specific detail concerned with the practical application of their standards. All of these are considered to be "open external standards" for the purposes of the Internet Standards Process. Openness The quality of the unfiltered Internet that allows for free access to other hosts Permissionless innovation The freedom and ability of to freely create and deploy new protocols on top of the communications constructs that currently exist Gillmor, et al. Expires April 18, 2016 [Page 5] Internet-Draft hrpcg October 2015 Privacy The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share its personal information with others. [RFC4949] The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Privacy is a broad concept relating to the protection of individual autonomy and the relationship between an individual and society, including government, companies and private individuals. It is often summarized as "the right to be left alone" but it encompasses a wide range of rights including protections from intrusions into family and home life, control of sexual and reproductive rights, and communications secrecy. It is commonly recognized as a core right that underpins human dignity and other values such as freedom of association and freedom of speech. The right to privacy is also recognized in nearly every national constitution and in most international human rights treaties. It has been adjudicated upon both by international and regional bodies. The right to privacy is also legally protected at the national level through provisions in civil and/or criminal codes. Reliable Reliability ensures that a protocol will execute its function consistently and error resistant as described and function without unexpected result. A system that is reliable degenerates gracefully and will have a documented way to announce degradation. It also has mechanisms to recover from failure gracefully, and if applicable, allow for partial healing. Resilience The maintaining of dependability and performance in the face of unanticipated changes and circumstances. Robustness The resistance of protocols and their implementations to errors, and to involuntary, legal or malicious attempts to disrupt its mode of operations. [RFC0760] [RFC0791] [RFC0793] [RFC1122] Scalable The ability to handle increased or decreased workloads predictably within defined expectations. There should be a clear definition of its scope and applicability. The limits of a systems scalability should be defined. Stateless / stateful In computing, a stateless protocol is a communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of request and Gillmor, et al. Expires April 18, 2016 [Page 6] Internet-Draft hrpcg October 2015 response. A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. In contrast, a protocol which requires keeping of the internal state on the server is known as a stateful protocol. [WP-Stateless] Strong encryption / cryptography Used to describe a cryptographic algorithm that would require a large amount of computational power to defeat it. [RFC4949] Transparent: "transparency" refers to the original Internet concept of a single universal logical addressing scheme, and the mechanisms by which packets may flow from source to destination essentially unaltered. [RFC2775] The combination of reliability, confidentiality, integrity, anonymity, and authenticity is what makes up security on the Internet ( Reliability ) ( Confidentiality ) ( Integrity ) = communication and information ( Authenticity ) security (technical) ( Anonymity ) The combination of End-to-End, Interoperability, resilience, reliability and robustness is what makes us connectivity on the Internet ( End-to-End ) connectivity = ( Interoperability ) ( Resilience ) ( Reliability ) ( Robustness ) ( Autonomy ) ( Simplicity ) 3. Security Considerations As this draft concerns a research document, there are no security considerations. 4. IANA Considerations This document has no actions for IANA. Gillmor, et al. Expires April 18, 2016 [Page 7] Internet-Draft hrpcg October 2015 5. Research Group Information The discussion list for the IRTF Human Rights Protocol Considerations proposed working group is located at the e-mail address hrpc@ietf.org [1]. Information on the group and information on how to subscribe to the list is at https://www.irtf.org/mailman/listinfo/hrpc Archives of the list can be found at: https://www.irtf.org/mail- archive/web/hrpc/current/index.html 6. References 6.1. Informative References [Berners-Lee] Berners-Lee, T. and M. Fischetti, "Weaving the Web,", HarperCollins p 208, 1999. [Blumenthal] Blumenthal, M. and D. Clark, "Rethinking the design of the Internet: The end-to-end arguments vs. the brave new world", ACM Transactions on Internet Technology, Vol. 1, No. 1, August 2001, pp 70-109. , 2001. [Clark] Clark, D., "The Design Philosophy of the DARPA Internet Protocols", Proc SIGCOMM 88, ACM CCR Vol 18, Number 4, August 1988, pp. 106-114. , 1988. [Elahi] Elahi, T. and I. Goldberg, "CORDON - A taxonomy of Internet Censorship Resistance Strategies", 2012, . [FIArch] "Future Internet Design Principles", January 2012, . [ICCPR] United Nations General Assembly, "International Covenant on Civil and Political Rights", 1976, . [ID] ten Oever, N., Doria, A., and J. Varon, "Proposal for research on human rights protocol considerations", 2015, . Gillmor, et al. Expires April 18, 2016 [Page 8] Internet-Draft hrpcg October 2015 [RFC0226] Karp, P., "Standardization of host mnemonics", RFC 226, DOI 10.17487/RFC0226, September 1971, . [RFC0760] Postel, J., "DoD standard Internet Protocol", RFC 760, DOI 10.17487/RFC0760, January 1980, . [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, . [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, . [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/ RFC1122, October 1989, . [RFC1958] Carpenter, B., Ed., "Architectural Principles of the Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, . [RFC2606] Eastlake 3rd, D. and A. Panitz, "Reserved Top Level DNS Names", BCP 32, RFC 2606, DOI 10.17487/RFC2606, June 1999, . [RFC2775] Carpenter, B., "Internet Transparency", RFC 2775, DOI 10.17487/RFC2775, February 2000, . [RFC3724] Kempf, J., Austein., R., Ed., and IAB, "The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture", RFC 3724, DOI 10.17487/RFC3724, March 2004, . [RFC4084] Klensin, J., "Terminology for Describing Internet Connectivity", BCP 104, RFC 4084, DOI 10.17487/RFC4084, May 2005, . [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, . Gillmor, et al. Expires April 18, 2016 [Page 9] Internet-Draft hrpcg October 2015 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . [Saltzer] Saltzer, J., Reed, D., and D. Clark, "End-to-End Arguments in System Design", ACM TOCS, Vol 2, Number 4, November 1984, pp 277-288. , 1984. [UDHR] United Nations General Assembly, "The Universal Declaration of Human Rights", 1948, . [WP-Debugging] "Debugging", n.d., . [WP-Stateless] "Stateless protocol", n.d., . 6.2. URIs [1] mailto:hrpc@ietf.org Authors' Addresses Daniel Kahn Gillmor ACLU EMail: dkg@fifthhorseman.net Niels ten Oever Article19 EMail: niels@article19.org Avri Doria APC EMail: avri@apc.org Gillmor, et al. Expires April 18, 2016 [Page 10]