Re: [arch-d] Call for Comment: <draft-iab-for-the-users-02> (The Internet is for End Users)

Vittorio Bertola <> Thu, 06 February 2020 11:05 UTC

On 06/02/2020 02:43 Keith Moore <> wrote:

   In this document, "end users," means non-technical users whose
   activities IETF standards are designed to support, sometimes

s/non-technical users/non-technical human users/

I'm starting from this because this is one of the comments which I have been making since -00, which was openly including commercial corporations as "end users". Definitions are really important when you adopt policy guidelines like this one, so it must be 101% clear that "end users" only includes individual human beings (though, as correctly said in the document, they can be connected to the Internet indirectly or represented by a piece of hardware or software).

(By the way - almost 20 years ago, when I was writing a presentation for ICANN's At Large Advisory Committee, my native spellchecker Avri Doria suggested that I should always hyphenate "end-user", because my title "End user involvement in ICANN" could otherwise be interpreted in a completely different way :-) I think this is still a valid suggestion.)

This is also why, in 3., the sentence "along with groups of them forming businesses, governments, clubs, civil society organizations, and other institutions" is problematic: what do you want to say here? If it is just that human beings form organizations, that's obvious; but if you say that all these entities are also end-users, this makes the document mostly useless, as in the end every stakeholder would be an end-user. This is why in general purpose policy systems, e.g. general elections, only individuals vote, and do so as individuals - their associations participate in other ways (i.e. specialized consultations, funding, lobbying etc.).

A similar problematic term is "social good", used several times. The document seems to assume that "social good" is something that exists and can be defined uniquely - however, all modern Western governance systems are based on the assumption that there is not a single definition of "social good" agreed by everyone. The problem is not how to assess what the "social good" is in a given situation, but to balance multiple conflicting visions of what the "social good" would be.

There are other visions; for example, the Chinese government is defining what actions are socially good or bad and giving scores to people (see ). This is an attempt to define "social good" in a generally agreed, unique and objective way, and to make sure that people act "for the social good", but while this approach is culturally fit for collectivist societies like the Far Eastern ones, in individualist societies like the Western ones it horrifies people.

So while the ambition of "doing the right thing" is of course much welcome, perhaps this point needs to be nuanced, recognizing that often there will be different visions of what is "socially good" for the end-users, and mediation will be more useful than spending months arguing against each other on what really constitutes the social good.

This is also why I still find the start of page 6 problematic:

   Government representatives sometimes participate in the IETF community. While this is welcome, it should not be taken as automatically representative of end users elsewhere, or even all end users in the relevant jurisdiction. Furthermore, what is desirable in one jurisdiction (or at least to its administrators) might be detrimental in others (see Section 4.4).

   While some civil society organisations specialise in technology and Internet policy, they typically do not have the capacity to participate broadly, nor are they necessarily representative of the larger Internet community. Nevertheless, their understanding of end user needs is often profound, and they are in many ways the most representative advocates for end user concerns; they should be considered a primary channel for engaging the broader Internet community.

   A promising approach to help fill these gaps is to identify and engage with specifically affected communities; for example, one or more industry associations, user groups, or a set of individuals, though we can't of course formally ensure that they are appropriately representative.

You are welcome to say that governments should not be the only ones to decide - indeed, that is the result of 20 years of conceptualization around multistakeholderism. However, we have now moved into the "digital sovereignty" age and many, outside of the US and China, are encouraging their governments to step back in and defend the rights of their citizens against the increasing centralization, commercialization and "surveillance-ization" of the Internet, and against its use as a global trade war instrument. Anything the IAB says on this will be taken as a position in this geopolitical debate.

In this context, the repeated use of the word "representative" throughout the section is highly problematic, as representing people is the government's job, not civil society's job, and even multistakeholderism does not say that the roles have to be mixed or changed, only that multiple stakeholders should participate in the debate and that the debate should aim to promote rough consensus among stakeholders so that they voluntarily implement it in their respective roles. But no one ever challenged the fact that governments are representative or that they have the last word when it comes to law and public policy, much like corporations have the last word when it comes to their actions and so on.

So the IAB should just align with the existing framework and say the same thing (i.e., we must listen to all stakeholders and not only governments) without challenging the role of governments and without ranking which stakeholder is more important (so no "primary channel" please).

Similarly, again (it must be the third time I say this), the "web browsers" paragraph in 4.2 is undemonstrated and inappropriate.

   For example, one of the most successful Internet applications is the Web. One of its key implementation roles is that of the Web browser - called the User Agent in [RFC7230] and other specifications. Because there are multiple interoperable implementations, users can switch with relatively low costs, and as a result there is a natural tendency to more carefully consider the user's needs as an agent. This leads to Web browsers' interests being better aligned with those of their users, creating an ecosystem that is more user-focused (even if there are serious challenges in it regarding the balance of power between implementations and the barrier to entry for new implementations).

It is the legitimate perception of the author that web browser makers represent user interests well, but it is not that of many others, and I do not know of any objective analysis or data around this statement (nor is one provided in the text). Many would rather say that browsers are one of the applications where users have less choice and less controlling power, since you can switch between different implementations but there are very few of them and all are very similar. You have much more choice and variety in terms of email clients, but does this really mean that email client makers are great at representing the users?

So this paragraph sounds to me like gratuitous flattering of a part of the IETF community, and implicitly also gratuitous disapproval towards other parts of the IETF community that in the author's opinion have not been as good as browsers towards the users.

If the point is that open interoperable standards (and open source implementations, I'd add) are in favour of users, let's make that one, though a mention of the phenomenon of open standards being used to implement walled gardens would also make sense, to note that open standards alone are not enough. But let's not single out anyone.

Also, regarding the "body of guidance":

   The IAB and IETF have already established a body of guidance for situations where this sort of conflict is common, including (but not limited to) [RFC7754] on filtering, [RFC7258] and [RFC7624] on pervasive surveillance, [RFC7288] on host firewalls, and [RFC6973] regarding privacy considerations.

There is a contradiction in saying that the IETF has to take steps to involve more stakeholders than in the past, and yet say that things developed in the past without these stakeholders are already there and should constrain the result of future discussions. It is exactly the opposite - the IETF should have a broader discussion with non-technical stakeholders around these guidelines and see whether they really meet the needs of non-technical stakeholders.

Also something that the IETF seems to be really bad at is revising its past consensus when circumstances change - it often happens that you point out a current issue and you are told "yes but this document from 15 years ago says it's not important so shut up" (I can tell you, this is very frustrating for new participants). End-users are very volatile in their opinions and requests, as public debates often show. Part of the work that needs to be done is to understand how to evolve past policy positions to meet new requests as new stakeholders join the debate and as the situation evolves.

In the end, I see the merits of a statement in favour of individual end-users, as I have been one of the main advocates for their recognition in Internet governance venues for a long time. At the same time, this document seems to redefine multistakeholderism from "let's listen to all stakeholders and build consensus" (which, by the way, was entirely inspired by the IETF's rough consensus approach) to "let's prioritize one stakeholder over the others, and then let's see who can speak for it". This is an untested conceptual approach which is much more prone to capture or allegations thereof, and will raise eyebrows elsewhere in policy circles.

However, the actionable recommendations in this document seem to be "make proactive efforts to involve more stakeholders" and "think in terms of end-user and social impact and document your thinking", and these are very reasonable, so perhaps the document could just focus on them.

(I am wondering if I should propose text for some of the above observations, but I am not an IAB member so I do not know whether this would be appropriate.)


Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
Office @ Via Treviso 12, 10144 Torino, Italy