Internet DRAFT - draft-doria-hrpc-proposal
draft-doria-hrpc-proposal
Human Rights Protocol Considerations A. Doria
Internet-Draft dotgay LLC
Intended status: Informational N. ten Oever
Expires: September 10, 2015 Article 19
J. Varon
March 9, 2015
Proposal for research on human rights protocol considerations
draft-doria-hrpc-proposal-01
Abstract
Work has been done on privacy issues that should be considered when
creating an Internet protocol. This draft suggests that similar
considerations may apply for other human rights such as freedom of
expression or freedom of association. A proposal is made for work in
the IRTF researching the possible connections between human rights
and Internet standards and protocols. The goal is to create an
informational RFC concerning human rights protocol considerations.
Discussion on this draft at: hrpc@article19.io
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2015.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Doria, et al. Expires September 10, 2015 [Page 1]
�
Internet-Draft Human Rights Protocol Considerations March 2015
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Research topic . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Protocol and Standard Examples . . . . . . . . . . . . . 4
2.1.1. Architecture . . . . . . . . . . . . . . . . . . . . 4
2.1.2. Transparency . . . . . . . . . . . . . . . . . . . . 5
2.1.3. HTTP . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.4. Mailing lists . . . . . . . . . . . . . . . . . . . . 5
2.1.5. Real time communications . . . . . . . . . . . . . . 6
2.1.6. IDNs . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Proposal . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Working Assumptions . . . . . . . . . . . . . . . . . . . 7
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
7.1. Normative References . . . . . . . . . . . . . . . . . . 9
7.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Additional Stuff . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction
The recognition that human rights have a role in Internet policies is
slowly becoming part of the general discourse. Several reports from
former United Nations (UN) Special Rapporteur on the promotion and
protection of the right to freedom of opinion and expression, Frank
La Rue, have made such relation explicit, which lead to the approval
of the landmark resolution "on the promotion, protection and
enjoyment of human rights on the Internet" [HRC2012] at the UN Human
Rights Council (HRC). More recently, to the resolution "The right to
privacy in the digital age" [UNGA2013] at the UN General Assembly.
The NETmundial outcome document [NETmundial] affirms that human
rights, as reflected in the Universal Declaration of Human Rights
[UDHR], should underpin Internet governance principles.
Nevertheless, a direct relation between Internet Standards and human
rights is still something to be explored and more clearly evidenced.
Doria, et al. Expires September 10, 2015 [Page 2]
�
Internet-Draft Human Rights Protocol Considerations March 2015
Concerns for freedom of expression and association were a strong part
of the world-view of the community involved in developing the first
Internet protocols. Apparently, by intention or by coincidence, the
Internet was designed with freedom and openness of communications as
core values. But as the scale and the industrialization of the
Internet has grown greatly, the influence of such world-views started
to compete with other values. The belief of the authors is that as
the Internet continues to grow, the linkage of Internet protocols to
human rights needs to become explicit, structured, and intentional.
Standards and protocols form the basis of the human rights enabling
infrastructure of the Internet. It needs to be determined whether
there is a causal relationship between Internet protocols and
standards, and human rights such as freedom of expression. To study
the relationship between the two one would need to carefully consider
structural and architectural considerations, as well as specific
protocols. The Internet Society paper "Human Rights and Internet
Protocols" [HRIP] "explores human rights and Internet protocols
comparing the processes for their making and the principles by which
they operate and concludes that there are some shared principles
between the two." Though that paper does not go into possible
reasons, dependencies or guidelines, it initiates the discussion.
More research is needed to map human rights concerns to protocol
elements and to frame possible approaches towards protocols that
satisfy the implications of human rights standards.
To move this debate further, a list has been created for discussion
of this draft: hrpc@article19.io and related ideas - information or
subscriptions at: https://lists.ghserv.net/mailman/listinfo/hrpc
1.1. Requirements Language
As this is an informational document describing a research effort, it
will not make use of requirements language as defined in RFC 2119
[RFC2119].
2. Research topic
In a manner similar to the work done for RFC 6973 [RFC6973] on
Privacy Consideration Guidelines, the premise of this research is
that some standards and protocols can solidify, enable or threaten
user rights.
As stated in RFC 1958 [RFC1958], the Internet aims to be the global
network of networks that provides unfettered connectivity to all
users at all times and for any content. Open, secure and reliable
connectivity is essential for rights such as freedom of expression
and freedom of association, as defined in the Universal Declaration
Doria, et al. Expires September 10, 2015 [Page 3]
�
Internet-Draft Human Rights Protocol Considerations March 2015
of Human Rights [UDHR]. Therefore, considering connectivity as the
ultimate objective of the Internet, this makes a clear case that the
Internet is not only an enabler of human rights, but that human
rights lie at the basis of, and are ingrained in, the architecture of
the network.
An essential part of maintaining the Internet as a tool for
communication and connectivity is security. Indeed, "development of
security mechanisms is seen as a key factor in the future growth of
the Internet as a motor for international commerce and communication"
RFC 1984 [RFC1984] and according to the Danvers Doctrine RFC 3365
[RFC3365], there is an overwhelming consensus in the IETF that the
best security should be used and standardized.
In RFC 1984 [RFC1984], the Internet Architecture Board (IAB) and the
Internet Engineering Steering Group (IESG), the bodies which oversee
architecture and standards for the Internet, expressed: "concern by
the need for increased protection of international commercial
transactions on the Internet, and by the need to offer all Internet
users an adequate degree of privacy." Indeed, the IETF has been
doing a significant job in this area [RFC6973] [RFC7258], considering
privacy concerns as a subset of security concerns. [RFC6973]
Besides privacy, it should be possible to highlight other aspects of
connectivity embedded in standards and protocols that can have human
rights considerations, such as freedom of expression and the right to
association and assembly online. This research is working to develop
a methodology that enables us to extract these considerations.
2.1. Protocol and Standard Examples
Some initial topics that need exploration are indicated in this
section. Most of this work has yet to move beyond speculation and
casual conversation. Continuing releases of this draft will develop
these foundational discussions further, based on discussions to be
held on the hrpc@article19.io email list and the work of researchers
working on the project.
2.1.1. Architecture
RFC 1958 [RFC1958] mentions "the community believes that the goal
[of the Internet] is connectivity, the tool is the Internet
Protocol." It continues a bit further: "The current exponential
growth of the network seems to show that connectivity is its own
reward, and is more valuable than any individual application such as
mail or the World-Wide Web." This marks the intrinsic value of
connectivity, which is facilitated by the Internet, both in its
principle, and in practice. This shows that the underlying
Doria, et al. Expires September 10, 2015 [Page 4]
�
Internet-Draft Human Rights Protocol Considerations March 2015
principles of the Internet aim to preserve connectivity, which is
fundamental and similar to the part of Article 19 of the Universal
Declaration of Human Rights [UDHR], which defines a right to receive
and to impart information.
Article 19
Everyone has the right to freedom of opinion and expression; this
right includes freedom to hold opinions without interference and
to seek, receive and impart information and ideas through any
media and regardless of frontiers.
2.1.2. Transparency
Another part of Article 19 of the Universal Declaration of Human
Rights [UDHR] mentions that one has the right to hold opinions
_without interference_ (emphasis added). This same sentiment can be
found in IAB RFC4924 [RFC4924] - Reflection on Internet Transparency
where it states: "A network that does not filter or transform the
data that it carries may be said to be transparent" or "oblivious" to
the content of packets. Networks that provide oblivious transport
enable the deployment of new services without requiring changes to
the core. It is this flexibility that is perhaps both the Internet's
most essential characteristic as well as one of the most important
contributors to its success."
2.1.3. HTTP
Websites made it extremely easy for individuals to publish their
ideas, opinions and thoughts. Never before has the world seen an
infrastructure that made it this easy to share information and ideas
with such a large group of other people. The HTTP architecture and
standards, including RFC 7230 [RFC7230], RFC 7231 [RFC7231], RFC 7232
[RFC7232], RFC 7234 [RFC7234], RFC 7235 [RFC7235], RFC 7236
[RFC7236], and RFC 7327 [RFC7237], are essential for the publishing
of information. The HTTP protocol, therefore, forms an crucial
enabler for freedom of expression, but also for the right to freely
participate in the culture life of the community (Article 27) [UDHR],
to enjoy the arts and to share in scientific advancement and its
benefits.
2.1.4. Mailing lists
Collaboration and cooperation have been part of the Internet since
its early beginning, one of the instruments of facilitating working
together in groups are mailing lists (as described in RFC 2369
[RFC2919], RFC 2919 [RFC2919], and RFC 6783 [RFC6783]. Mailing lists
are critical instruments and enablers for group communication and
organization, and therefore form early artefacts of the
Doria, et al. Expires September 10, 2015 [Page 5]
�
Internet-Draft Human Rights Protocol Considerations March 2015
(standardized) ability of Internet standards to enable the right to
freedom of assembly and association.
2.1.5. Real time communications
Collaborations and cooperation via the Internet have take a large
step forward with the progress of chat and other other real time
communications protocols. The work on XMPP RFC 6162 [RFC6162] has
enabled new methods of global interactions, cooperation and human
right advocacy. The WebRTC work being done to standardize the API
and protocol elements to support real-time communications for
browsers, mobile applications and IoT by the World Wide Consortium
(W3C) and the IETF is another artefact enabling human rights globally
on the Internet.
2.1.6. IDNs
English has been the lingua franca of the Internet, but for many
Internet user English is not their first language. To have a true
global Internet, one that serves the whole world, it would need to
reflect the languages of these different communities. The
Internationalized Domain Names IDNA2008 (RFC 5890 [RFC5890], RFC 5891
[RFC5891], RFC 5892 [RFC5892], and RFC 5893 [RFC5893]), describes
standards for the use of a broad range of strings and characters
(some also written from right to left). This enables users who use
other characters than the standard LDH ascii typeset to have their
own URLs. This shows the ambition of the Internet community to
reflect the diversity of users and to be in line with Article 2 of
the Universal Declaration of Human Rights which clearly stipulates
that "everyone is entitles to all rights and freedoms [..], without
distinction of any kind, such as [..] language [..]."[UDHR]
3. Proposal
To start addressing the issue, a mapping exercise analyzing Internet
architecture and protocols features, vis-a-vis possible impact on
human rights needs is being undertaken.
As part of the research, interviews will be requested with the
current and past members of the Internet Architecture Board (IAB),
current and past members of the Internet Engineering Steering
Group(IESG) and chairs of selected working groups and RFC authors.
Mapping the relation between human rights and protocols and
architectures is a new research challenge, which requires a good
amount of cross organizational cooperation to develop a consistent
methodology. While the authors of this first draft are involved in
both human rights advocacy and research on Internet technologies - we
Doria, et al. Expires September 10, 2015 [Page 6]
�
Internet-Draft Human Rights Protocol Considerations March 2015
believe that bringing this work into the IRTF facilitates and
improves this work by bringing human rights experts together with the
community of researchers and developers of Internet standards and
technologies.
Assuming that the research produces useful results, the objective
will evolve into the creation of a set of recommended considerations
for the protection of applicable human rights.
3.1. Working Assumptions
In the analysis of existing RFCs central design and technical
concepts have been found which impact human rights. These concepts,
working assumptions, will form the lens for the analysis of RFCs and
will be further described vis a vis their impact on human rights.
The combination of content agnosticism, connectivity, security (as
defined in RFC 3365 [RFC3365] and privacy (as defined in RFC 6973
[RFC6973]) are the technical principles that underlay freedom of
expression on the Internet.
Privacy and security are defined, so here we focus on concepts that
have not been defined as considerations that are relevant for freedom
of expression.
This is a first list of concepts, which definitions should be
improved and further aligned with existing RFCs.
Connectivity:
The Internet is the tool for providing global connectivity that
conforms with RFC 1958 [RFC1958]. Therefore all protocols and
standards should aim to improve connectivity, and not to limit it.
Distributed:
To enable and strengthen connectivity, stability, and
sustainability of the network, protocols and standards should be
developed in a way that can be implemented in a distributed way.
If they are not instrumented in a distributed manner, other
'accountability mechanisms' should be in place. Accountability
mechanisms might include features such as access control, logging
and other protocol management.
Inter-operable:
Standards exist to design systems that allow for other systems to
interact freely and openly.
Reliable:
Doria, et al. Expires September 10, 2015 [Page 7]
�
Internet-Draft Human Rights Protocol Considerations March 2015
Reliability ensures that a protocol will execute its function
consistently and error resistant as described and function without
unexpected result. This includes factors such as throughput,
middle boxes, and delay/disruption tolerance. A system that is
reliable degenerates gracefully and will have a documented way to
announce degradation. It will also have mechanisms to recover
from failure.
Scalable:
Any solution should support growth of the network with more hosts,
users and traffic. And have clear definition of its scope and
ideally a proposition how it can be expanded in order to support
greater capacity. Any limits in scalability should be defined.
Stateless / state-full:
If possible protocols should be implemented stateless for
reliability and privacy considerations. If not, they should keep
as little state as possible.
Content agnostic:
Protocols should not treat packets/datagrams differently based on
their content.
Transparent:
Protocols should be transparent in what they can do and can not do
and how it is done.
Debugging:
A protocol should allow a user to troubleshoot and debug possible
causes of malfunction and loss of reliability.
Robust:
Protocols should be resistant to errors, and to involuntary, legal
or malicious attempts to disrupt its mode of operations.
Protocols should be developed in a way that there is no hidden
back doors or kill switches. There should also be a clear
description on how a protocol recovers from potential failures.
End user-centric / representing stakeholder rights:
As proposed in draft-nottingham-stakeholder-rights-00:
Protocols MUST document relevant primary stakeholders and their
interrelationships. [..]
End-user-facing application protocols MUST prioritise their
users higher than any other stakeholders.
Doria, et al. Expires September 10, 2015 [Page 8]
�
Internet-Draft Human Rights Protocol Considerations March 2015
Extensions to existing protocols MUST document how they
interact with the extended protocol's stakeholders. If the
extended protocol's stakeholders are not yet documented, the
extension MAY estimate its impact, in coordination with that
protocol's community and the IESG.
The burden of this documentation need not be high; if HTML can
do it in a paragraph, so can most protocols. While it might be
appropriate in a separate document (e.g., a requirements or use
cases draft) or the protocol specification itself, documenting
stakeholders in the WG charter has considerable benefits, since
it clarifies their relationships up-front.
4. Acknowledgements
This builds on work done by RFC 6973 [RFC6973].
Thanks go to those who have discussed and edited the ideas in this
draft. Special thanks go to Joy Liddicoat as the co-author of
Human Rights and Internet Protocols [HRIP]
5. IANA Considerations
This memo includes no request to IANA.
6. Security Considerations
As this draft concerns a research proposal, there are no security
considerations.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
7.2. Informative References
[HRC2011] Human Rights Council, , "Report of the Special Rapporteur
on the promotion and protection of the right to freedom of
opinion and expression, Human Rights Council, May 2011",
2011.
[HRC2012] General Assembly, UN., "Human Rights Council Resolution on
the promotion, protection and enjoyment of human rights on
the Internet", 2011,
<http://daccess-ods.un.org/TMP/554342.120885849.html>.
Doria, et al. Expires September 10, 2015 [Page 9]
�
Internet-Draft Human Rights Protocol Considerations March 2015
[HRC2013] General Assembly, UN., "Report of the Special Rapporteur
on the promotion and protection of the right to freedom of
opinion and expression, Human Rights Council, April 2013",
2013.
[HRIP] Joy Liddicoat, JL. and AD. Avri Doria, "Human Rights and
Internet Protocols: Comparing Processes and Principles",
2012,
<https://www.Internetsociety.org/sites/default/files/Human
%20Rights%20and%20Internet%20Protocols-%20Comparing%20Proc
esses%20and%20Principles.pdf>.
[ICCPR] General Assembly, UN., "International Covenant on Civil
and Political Rights", 1966,
<http://www.ohchr.org/EN/ProfessionalInterest/Pages/
CCPR.aspx>.
[NETmundial]
NetMundial, , "NETmundial Multistakeholder Statement",
2014, <http://netmundial.br/wp-content/uploads/2014/04/
NETmundial-Multistakeholder-Document.pdf>.
[RFC1958] Carpenter, B., "Architectural Principles of the Internet",
RFC 1958, June 1996.
[RFC1984] IAB, IESG, Carpenter, B., and F. Baker, "IAB and IESG
Statement on Cryptographic Technology and the Internet",
RFC 1984, August 1996.
[RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines
and Procedures", BCP 8, RFC 2014, October 1996.
[RFC2369] Neufeld, G. and J. Baer, "The Use of URLs as Meta-Syntax
for Core Mail List Commands and their Transport through
Message Header Fields", RFC 2369, July 1998.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999.
[RFC2919] Chandhok, R. and G. Wenger, "List-Id: A Structured Field
and Namespace for the Identification of Mailing Lists",
RFC 2919, March 2001.
[RFC3365] Schiller, J., "Strong Security Requirements for Internet
Engineering Task Force Standard Protocols", BCP 61, RFC
3365, August 2002.
Doria, et al. Expires September 10, 2015 [Page 10]
�
Internet-Draft Human Rights Protocol Considerations March 2015
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552, July
2003.
[RFC3869] Atkinson, R., Floyd, S., and Internet Architecture Board,
"IAB Concerns and Recommendations Regarding Internet
Research and Evolution", RFC 3869, August 2004.
[RFC4440] Floyd, S., Paxson, V., Falk, A., and IAB, "IAB Thoughts on
the Role of the Internet Research Task Force (IRTF)", RFC
4440, March 2006.
[RFC4924] Aboba, B. and E. Davies, "Reflections on Internet
Transparency", RFC 4924, July 2007.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
[RFC5564] El-Sherbiny, A., Farah, M., Oueichek, I., and A. Al-Zoman,
"Linguistic Guidelines for the Use of the Arabic Language
in Internet Domains", RFC 5564, February 2010.
[RFC5890] Klensin, J., "Internationalized Domain Names for
Applications (IDNA): Definitions and Document Framework",
RFC 5890, August 2010.
[RFC5891] Klensin, J., "Internationalized Domain Names in
Applications (IDNA): Protocol", RFC 5891, August 2010.
[RFC5892] Faltstrom, P., "The Unicode Code Points and
Internationalized Domain Names for Applications (IDNA)",
RFC 5892, August 2010.
[RFC5893] Alvestrand, H. and C. Karp, "Right-to-Left Scripts for
Internationalized Domain Names for Applications (IDNA)",
RFC 5893, August 2010.
[RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic
Message Syntax (CMS) Asymmetric Key Package Content Type",
RFC 6162, April 2011.
[RFC6783] Levine, J. and R. Gellens, "Mailing Lists and Non-ASCII
Addresses", RFC 6783, November 2012.
Doria, et al. Expires September 10, 2015 [Page 11]
�
Internet-Draft Human Rights Protocol Considerations March 2015
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973, July
2013.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Message Syntax and Routing", RFC 7230, June
2014.
[RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Semantics and Content", RFC 7231, June 2014.
[RFC7232] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Conditional Requests", RFC 7232, June 2014.
[RFC7233] Fielding, R., Lafon, Y., and J. Reschke, "Hypertext
Transfer Protocol (HTTP/1.1): Range Requests", RFC 7233,
June 2014.
[RFC7234] Fielding, R., Nottingham, M., and J. Reschke, "Hypertext
Transfer Protocol (HTTP/1.1): Caching", RFC 7234, June
2014.
[RFC7235] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Authentication", RFC 7235, June 2014.
[RFC7236] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP)
Authentication Scheme Registrations", RFC 7236, June 2014.
[RFC7237] Reschke, J., "Initial Hypertext Transfer Protocol (HTTP)
Method Registrations", RFC 7237, June 2014.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, May 2014.
[UDHR] General Assembly, UN., "Universal Declaration of Human
Rights", 1948, <http://www.un.org/en/documents/udhr/index.
shtmlhttp://www.ohchr.org/en/udhr/pages/
introduction.aspx>.
[UNGA2013]
General Assembly, UN., "UN General Assembly Resolution
"The right to privacy in the digital age" (A/C.3/68/
L.45)", 2013,
<http://daccess-ods.un.org/TMP/1133732.05065727.html>.
Doria, et al. Expires September 10, 2015 [Page 12]
�
Internet-Draft Human Rights Protocol Considerations March 2015
Appendix A. Additional Stuff
This is a place holder for an Appendix if it is needed.
Authors' Addresses
Avri Doria
dotgay LLC
Providence
USA
Email: avri@acm.org
Niels ten Oever
Article 19
Netherlands
Email: niels@article19.org
Joana Varon
Brazil
Email: joana@varonferraz.com
Doria, et al. Expires September 10, 2015 [Page 13]
