Re: [arch-d] [Last-Call] Call for Comment: <draft-iab-for-the-users-02> (The Internet is for End Users)

Rene Struik <> Thu, 06 February 2020 14:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5E8C91208A4; Thu, 6 Feb 2020 06:23:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qAZFUHp3B-bA; Thu, 6 Feb 2020 06:23:28 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3E76212092C; Thu, 6 Feb 2020 06:23:28 -0800 (PST)
Received: by with SMTP id t13so4600656qto.3; Thu, 06 Feb 2020 06:23:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=WU0cpws4mFPff/2AXuRV4WAS7WvITMqWnW57CeoBDBY=; b=si2cCilqlR3ywTd8/Kt6N95AcRSyjojqbC0v+eW8QyiaOLsd8z5huY3aqkk8m+kGq0 77BVmPIvDsZhtZfq9BlC5qjhMHcHS3hPQSq75VuzYCuIi7+LUydFgNa/Aa9wfHuWOPwd 8/7w/B75Y+O6Bdh/2HxPL2d0p1xb7WoajNCkP2xhbLKXcYDFbGzizululY6/m7v6zPx+ eBeYcYoatAKvVLdmOpeD1MJO2q9u66GV4OAGalZPxLxoJkf7CAPQbZ88Xn0k2CVABp+q Db5c4UxCT5WjbVJVCGOyADvZmJJgA3WkhUuZMfiQA+FkgMRNjua8fU/+UiaU/U/08CuY UMtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=WU0cpws4mFPff/2AXuRV4WAS7WvITMqWnW57CeoBDBY=; b=T6mEKplizMqRId7lptsLfFCEFQFB285J+qAUoouJ0f+sYCcEnhOMnB7oEoEIw1ztRG twYpLUh/YAiYdNBb+Vr9OPiI9xZ6nbrljNG8+w/52Ow1mC6e/ra2o6DlrJIRlUlcgPBi XRy7Qz9vxSFbcIQOoGxIPE8qbHZUOrMQIu5FMLXzH9tKNsOg3rAyi2JhkjDVbKBlHEL8 DKs8Nw0e5XZRWDeeHotqIWDHNWifmKIlIGtlk0vwIMRtXd0kWf4EIlOqfh7PB7YYBeeg dpFo8IhcthgZnLQ8JseS8c7RbnvM6UxmVuQB+hm5lKvsVkNx7gmtMSOrkN80Pqbe7MUY URhA==
X-Gm-Message-State: APjAAAVS+pxMuYQKq+nfKOtQdMvrmSJ7fSna65XFv/MY5Vvu8mhpdMxJ nRc2MN/XB0oCT1DT+J1A7rqxoE63
X-Google-Smtp-Source: APXvYqx1z9i1HfzAa+Ivbh5L+TCBHZCFiOZwSfPJcKSRxnjW903olbm+yolqtTAeG9hpvICxFYIx0Q==
X-Received: by 2002:ac8:4446:: with SMTP id m6mr2894434qtn.159.1580999007000; Thu, 06 Feb 2020 06:23:27 -0800 (PST)
Received: from ?IPv6:2607:fea8:6a0:1a5a:25c8:2911:e3e3:2aa2? ([2607:fea8:6a0:1a5a:25c8:2911:e3e3:2aa2]) by with ESMTPSA id p135sm1496613qke.2.2020. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 06 Feb 2020 06:23:26 -0800 (PST)
To: Vittorio Bertola <>,, "" <>, "" <>
References: <> <> <>
From: Rene Struik <>
Message-ID: <>
Date: Thu, 6 Feb 2020 09:23:23 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------A6472F957DF914BBA5EBAAC9"
Content-Language: en-US
Archived-At: <>
Subject: Re: [arch-d] [Last-Call] Call for Comment: <draft-iab-for-the-users-02> (The Internet is for End Users)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 06 Feb 2020 14:23:32 -0000

Dear colleagues:

Lots of points Vittorio Bertola made below resonate with me.

The presentation on the "Next Generation Internet" at CFRG [1] at the 
March 2019 meeting has useful pointers to "what the internet should be" 
vs. "what it has become". Another useful read is the "Weapons of Math 
Destruction" book [2]. Perhaps, one should indeed redesign the Internet 
from scratch to have a chance of benefiting the end-user (as defined by 
Vittorio), rather than entities where the user's data or mind control is 
the product.



On 2/6/2020 6:04 AM, Vittorio Bertola wrote:
>> Il 06/02/2020 02:43 Keith Moore <> ha scritto:
>>     In this document, "end users," means non-technical users whose
>>     activities IETF standards are designed to support, sometimes
>>     indirectly.
>> s/non-technical users/non-technical human users/
> I'm starting from this because this is one of the comments which I 
> have been making since -00, which was openly including commercial 
> corporations as "end users". Definitions are really important when you 
> adopt policy guidelines like this one, so it must be 101% clear that 
> "end users" only includes individual human beings (though, as 
> correctly said in the document, they can be connected to the Internet 
> indirectly or represented by a piece of hardware or software).
> (By the way - almost 20 years ago, when I was writing a presentation 
> for ICANN's At Large Advisory Committee, my native spellchecker Avri 
> Doria suggested that I should always hyphenate "end-user", because my 
> title "End user involvement in ICANN" could otherwise be interpreted 
> in a completely different way :-) I think this is still a valid 
> suggestion.)
> This is also why, in 3., the sentence "along with groups of them 
> forming businesses, governments, clubs, civil society organizations, 
> and other institutions" is problematic: what do you want to say here? 
> If it is just that human beings form organizations, that's obvious; 
> but if you say that all these entities are also end-users, this makes 
> the document mostly useless, as in the end every stakeholder would be 
> an end-user. This is why in general purpose policy systems, e.g. 
> general elections, only individuals vote, and do so as individuals - 
> their associations participate in other ways (i.e. specialized 
> consultations, funding, lobbying etc.).
> A similar problematic term is "social good", used several times. The 
> document seems to assume that "social good" is something that exists 
> and can be defined uniquely - however, all modern Western governance 
> systems are based on the assumption that there is not a single 
> definition of "social good" agreed by everyone. The problem is not how 
> to assess what the "social good" is in a given situation, but to 
> balance multiple conflicting visions of what the "social good" would be.
> There are other visions; for example, the Chinese government is 
> defining what actions are socially good or bad and giving scores to 
> people (see ). This 
> is an attempt to define "social good" in a generally agreed, unique 
> and objective way, and to make sure that people act "for the social 
> good", but while this approach is culturally fit for collectivist 
> societies like the Far Eastern ones, in individualist societies like 
> the Western ones it horrifies people.
> So while the ambition of "doing the right thing" is of course much 
> welcome, perhaps this point needs to be nuanced, recognizing that 
> often there will be different visions of what is "socially good" for 
> the end-users, and mediation will be more useful than spending months 
> arguing against each other on what really constitutes the social good.
> This is also why I still find the start of page 6 problematic:
>     Government representatives sometimes participate in the IETF
>     community. While this is welcome, it should not be taken as
>     automatically representative of end users elsewhere, or even all
>     end users in the relevant jurisdiction. Furthermore, what is
>     desirable in one jurisdiction (or at least to its administrators)
>     might be detrimental in others (see Section 4.4).
>     While some civil society organisations specialise in technology
>     and Internet policy, they typically do not have the capacity to
>     participate broadly, nor are they necessarily representative of
>     the larger Internet community. Nevertheless, their understanding
>     of end user needs is often profound, and they are in many ways the
>     most representative advocates for end user concerns; they should
>     be considered a primary channel for engaging the broader Internet
>     community.
>     A promising approach to help fill these gaps is to identify and
>     engage with specifically affected communities; for example, one or
>     more industry associations, user groups, or a set of individuals,
>     though we can't of course formally ensure that they are
>     appropriately representative.
> You are welcome to say that governments should not be the only ones to 
> decide - indeed, that is the result of 20 years of conceptualization 
> around multistakeholderism. However, we have now moved into the 
> "digital sovereignty" age and many, outside of the US and China, are 
> encouraging their governments to step back in and defend the rights of 
> their citizens against the increasing centralization, 
> commercialization and "surveillance-ization" of the Internet, and 
> against its use as a global trade war instrument. Anything the IAB 
> says on this will be taken as a position in this geopolitical debate.
> In this context, the repeated use of the word "representative" 
> throughout the section is highly problematic, as representing people 
> is the government's job, not civil society's job, and even 
> multistakeholderism does not say that the roles have to be mixed or 
> changed, only that multiple stakeholders should participate in the 
> debate and that the debate should aim to promote rough consensus among 
> stakeholders so that they voluntarily implement it in their respective 
> roles. But no one ever challenged the fact that governments are 
> representative or that they have the last word when it comes to law 
> and public policy, much like corporations have the last word when it 
> comes to their actions and so on.
> So the IAB should just align with the existing framework and say the 
> same thing (i.e., we must listen to all stakeholders and not only 
> governments) without challenging the role of governments and without 
> ranking which stakeholder is more important (so no "primary channel" 
> please).
> Similarly, again (it must be the third time I say this), the "web 
> browsers" paragraph in 4.2 is undemonstrated and inappropriate.
>     For example, one of the most successful Internet applications is
>     the Web. One of its key implementation roles is that of the Web
>     browser - called the User Agent in [RFC7230] and other
>     specifications. Because there are multiple interoperable
>     implementations, users can switch with relatively low costs, and
>     as a result there is a natural tendency to more carefully consider
>     the user's needs as an agent. This leads to Web browsers'
>     interests being better aligned with those of their users, creating
>     an ecosystem that is more user-focused (even if there are serious
>     challenges in it regarding the balance of power between
>     implementations and the barrier to entry for new implementations).
> It is the legitimate perception of the author that web browser makers 
> represent user interests well, but it is not that of many others, and 
> I do not know of any objective analysis or data around this statement 
> (nor one is provided in the text). Many would rather say that browsers 
> are one of the applications where users have less choice and less 
> controlling power, since you can switch between different 
> implementations but there are very few of them and all are very 
> similar. You have much more choice and variety in terms of email 
> clients, but does this really mean that email client makers are great 
> at representing the users?
> So this paragraph sounds to me like gratuitous flattering of a part of 
> the IETF community, and implicitly also gratuitous disapproval towards 
> other parts of the IETF community that in the author's opinion have 
> not been as good as browsers towards the users.
> If the point is that open interoperable standards (and open source 
> implementations, I'd add) are in favour of users, let's make that one, 
> though a mention of the phenomenon of open standards being used to 
> implement walled gardens would also make sense, to note that open 
> standards alone are not enough. But let's not single out anyone.
> Also, regarding the "body of guidance":
>     The IAB and IETF have already established a body of guidance for
>     situations where this sort of conflict is common, including (but
>     not limited to) [RFC7754] on filtering, [RFC7258] and [RFC7624] on
>     pervasive surveillance, [RFC7288] on host firewalls, and [RFC6973]
>     regarding privacy considerations.
> There is a contradiction in saying that the IETF has to take steps to 
> involve more stakeholders than in the past, and yet say that things 
> developed in the past without these stakeholders are already there and 
> should constrain the result of future discussions. It is exactly the 
> opposite - the IETF should have a broader discussion with 
> non-technical stakeholders around these guidelines and see whether 
> they really meet the needs of non-technical stakeholders.
> Also something that the IETF seems to be really bad at is revising its 
> past consensus when circumstances change - it often happens that you 
> point out a current issue and you are told "yes but this document from 
> 15 years ago says it's not important so shut up" (I can tell you, this 
> is very frustrating for new participants). End-users are very volatile 
> in their opinions and requests, as public debates often show. Part of 
> the work that needs to be done is to understand how to evolve past 
> policy positions to meet new requests as new stakeholders join the 
> debate and as the situation evolves.
> In the end, I see the merits of a statement in favour of individual 
> end-users, as I have been one of the main advocates for their 
> recognition in Internet governance venues for a long time. At the same 
> time, this document seems to redefine multistakeholderism from "let's 
> listen to all stakeholders and build consensus" (which, by the way, 
> was entirely inspired by the IETF's rough consensus approach) to 
> "let's prioritize one stakeholder over the others, and then let's see 
> who can speak for it". This is an untested conceptual approach which 
> is much more prone to capture or allegations thereof, and will raise 
> eyebrows elsewhere in policy circles.
> However, the actionable recommendations in this document seem to be 
> "make proactive efforts to involve more stakeholders" and "think in 
> terms of end-user and social impact and document your thinking", and 
> these are very reasonable, so perhaps the document could just focus on 
> them.
> (I am wondering if I should propose text for some of the above 
> observations, but I am not an IAB member so I do not know whether this 
> would be appropriate.)
> -- 
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
>  <>  
> Office @ Via Treviso 12, 10144 Torino, Italy

email: | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867