Re: [arch-d] IAB Adoption of draft-nottingham-for-the-users-09

[Vittorio Bertola <vittorio.bertola@open-xchange.com>]

> Il 22 luglio 2019 16:09 IAB Executive Administrative Manager <execd@iab.org> ha scritto:
> 
>  
> The IAB will discuss adoption of draft-nottingham-for-the-users-09 at 
> its meeting on 2019-08-07.
> 
> The draft can be found here: 
> https://datatracker.ietf.org/doc/draft-nottingham-for-the-users/
> 
> The agenda for the meeting will be posted 48 hours ahead of the meeting 
> here: https://www.iab.org/wiki/index.php/Agenda
> 
> Feedback about this draft can be sent in response to this mail on 
> architecture-discuss@ietf.org, or to the IAB directly at iab@iab.org.

You may remember that I already sent extensive feedback, mostly critical, when -07 was released and the same question was asked. I can say that after that, and after I had a chance to discuss this in person with an IAB member, the following versions have become noticeably better, so thanks for this.

I will still state a few points for the IAB to consider when making its mind on whether to adopt this draft, and on how to develop it further.


1. Whose interest is it really?

If this is going to be a high level policy declaration of "we do it for the general public interest", i.e. the interest of "the people" in general, this is a positive thing. However, you have to be absolutely sure that this will never be used as a way to push the standards-making process in a direction that benefits certain companies over others.

Especially, there is a decade-long competitive battle ongoing between companies providing services within the network and companies providing services over the network, at the endpoints of the connections. Sometimes the "end user" interest can be aligned with the former, sometimes with the latter, and sometimes (perhaps the most likely case) with neither of the two. The IETF should never make policy choices meant to be in favour of any of the two sets of businesses, but only in favour of the actual end users.

Even from the theoretical point of view, when individual "end users" form an organization, be it an NGO, a business or a government, the organization they form - which starts to have interests of its own - is not, in policy terms, an "end user" any more, even if it sits at the edge of the network. This is a known difference between the policy and the technology realm and should be made very clear in the conceptualization of this document. 


2. Easy to say, hard to do 

The second issue is that the controversial part when doing something "in the interest of the people" is not the principle statement, but how to determine what the interest of the people actually is. 

Currently, the IETF is spectacularly ill equipped for that, and the draft does not seem to address the problem, apart from a generic invitation to reach out to civil society organizations and other stakeholders, which however also generally do not represent the interest of "end users", but at most of subsets of them (e.g. the Electronic Frontiers Foundation and the Internet Watch Foundation are going to give you opposite advice on what is in the general public interest and "for social good", though both are civil society organizations). Again, the problem is not how to get multiple end-user interests stated, but how to decide which ones are to prevail, which is always a subjective judgement by each participant, and needs to be aggregated "fairly".

Mankind has worked for centuries to build complex institutional arrangements to get to determine "what's best for the people", and at least for a couple of decades to build similar arrangements specifically for the Internet. Yet there is no indication of their role in this document - it looks like, all of a sudden, the IETF (even at the individual WG level) is going to make its own policy decisions, alone, after running its own consultations with stakeholders. This looks unreliable, unaccountable, uncooperative, and unlikely to bring to any valid result.

In the end, if the IETF is going to adopt this policy, I would suggest that it should also have some ideas on how to implement it and on how it would fit into the broader Internet governance institutional galaxy.


3. This is not (common) law

The draft seems to imply that the IETF is building a corpus of principle documents that are to be used as a binding reference to put an end to any doubt on how to apply the main guideline - basically, a "constitution" of the IETF. The draft actually lists RFC7754, RFC7258, RFC7624 and others.

I sincerely doubt that the policy realm in which we are working is so clear, static and globally uniform that you can express such broader principles and apply them at any time and in any circumstance without further thought. Actually, I think that you need to do the opposite - start with a tentative guideline, see if it actually works in practice, be ready to adapt it to changing circumstances or to new information that shows you that what you thought would work nicely is actually creating more problems than it solves, or conflicts with one of the other guidelines.

And if you still want to establish policy guidelines for protocol development, I think you need to set specifically high barriers for developing them. You must be really sure that they represent broad policy consensus that goes well beyond a small number of IAB or WG members, and - as they affect the whole Internet - beyond the IETF itself.


This is just a set of personal opinions, building on scarce IETF experience but a long personal history in Internet policy; I hope it can contribute usefully to the discussion and I will be happy to continue if the IAB decides to adopt this document.

-- 
 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy