IETF Logo Mail Archive

Re: [hrpc] My suggestion for the attribution paragraph

Mallory Knodel <mknodel@cdt.org> Fri, 19 March 2021 14:26 UTC

Return-Path: <mknodel@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7BAE3A1681 for <hrpc@ietfa.amsl.com>; Fri, 19 Mar 2021 07:26:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f07uSJWcf4fu for <hrpc@ietfa.amsl.com>; Fri, 19 Mar 2021 07:26:18 -0700 (PDT)
Received: from mail-qv1-xf29.google.com (mail-qv1-xf29.google.com [IPv6:2607:f8b0:4864:20::f29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 722083A1678 for <hrpc@irtf.org>; Fri, 19 Mar 2021 07:26:18 -0700 (PDT)
Received: by mail-qv1-xf29.google.com with SMTP id t5so5079608qvs.5 for <hrpc@irtf.org>; Fri, 19 Mar 2021 07:26:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :references:from:in-reply-to; bh=OzasI5AQgNlIehCA5fi1E/zXhQ7XPhAt+Ji+4VLTdB4=; b=DZhy93YKYQMuuXmtjy5qfjEWb/ZfZidqRy1S02m5BL3ZYwVdANkqgjXfgPHtKpjXXq PCY2kqsWav4ddb5BxRTN9BI/AFoJr8Z48uVbxXTJiVKRUChFCw6gHUnRKM9uY5HyYEuJ Swfzz30BWe4KidNSeYoWdi+KqbANsUbmOiIuE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:in-reply-to; bh=OzasI5AQgNlIehCA5fi1E/zXhQ7XPhAt+Ji+4VLTdB4=; b=QBecTWT0Z0vcX9pOk2X5G+iKJl9bKdo7xI+PXeAmnfs28Uxo6a/qBs0nG69QSN+Edo EoFB8awLbMln8BSua8rOa9u+vHbarjgA+SiJ+eMLx5AzMipUqrhT/+gd5oqwc0/bqtxu CooDD8SPizvLFAHPiGisLwRdT+IhEN6EpOvSi34kHade8LLOjbMnHU2JGsiMtQhLTi43 d275/SLff+n5Q6UoGuMkY+EdSAaZzFQSiJS4FvZr0St3bhzKIFdcM4rLDteXPmfxLgIR aIeJAIZMfMEyG69HYHGz7cbvHvTxpDUisAHYxafHdGjXKl5KwF+x5yMbw6WT+byBRLQS H0ug==
X-Gm-Message-State: AOAM532X3ZwdU5apWNwUZbURobsMFmDyy3/Sjq9DpS9xqDxvsx0QHSNC oBNBmfe3mw4g6Pn3bR195UyULpjhY1iDC0cw
X-Google-Smtp-Source: ABdhPJzpNi1CRP5oWN0YmskLOVvr3kWupdDoe6MJdvOiPTtyjTJJoRXqXIMf0BCb6Q2NxRrrkzZYKA==
X-Received: by 2002:a05:6214:8c4:: with SMTP id da4mr9426759qvb.17.1616163976044; Fri, 19 Mar 2021 07:26:16 -0700 (PDT)
Received: from Mallorys-MacBook-Air.local (c-73-163-188-207.hsd1.dc.comcast.net. [73.163.188.207]) by smtp.gmail.com with UTF8SMTPSA id u63sm3818660qtd.40.2021.03.19.07.26.15 for <hrpc@irtf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 19 Mar 2021 07:26:15 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------kfRTR4LaNRJJpJ3WocbUsECs"
Message-ID: <86d4f8ed-6bf9-abc2-41af-f8b9fc466766@cdt.org>
Date: Fri, 19 Mar 2021 10:26:14 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Thunderbird/87.0
Content-Language: en-US
To: hrpc@irtf.org
References: <CAN1qJvA_ONSNqk_Am6z6SASHO63eObaYMRVMY4cHR6XzPskGqg@mail.gmail.com> <988c1a1b-97a4-bccc-f991-7f51f760c088@cis-india.org> <CAN1qJvC2jPSJuawePyH5DO9xvqWLnUUAzFu8tWBzfkntQBEO6Q@mail.gmail.com> <5f706893-5ccf-a6ad-353e-1f64241e9978@yahoo.com> <91F738F9-3570-423A-8240-F3CB18EA25C8@istaff.org>
From: Mallory Knodel <mknodel@cdt.org>
In-Reply-To: <91F738F9-3570-423A-8240-F3CB18EA25C8@istaff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/0cwLTe3NVDtlCQ2SwQcBN7XV2JM>
Subject: Re: [hrpc] My suggestion for the attribution paragraph
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 14:26:21 -0000

On 3/16/21 9:20 AM, John Curran wrote:

> Mark -
>
> The fact that protocol support for attribution is important to support some human rights (i.e. the right to legal remedy)
> but poses important concerns regarding potential implications for other rights would seem to me to argue more strongly on the need for its inclusion in the guidelines rather than its omission, However, I’ll admit that I haven’t done direct protocol development in more than two decades and lacking as I am in recent first-hand experience, I'll leave it to this group to decide as it deems best.

I agree-- it would be odd to leave it out, especially when we've taken 
the opportunity to discuss it in depth.

If we need a deeper dive into the discussion at a later time, let's do 
that. But we can't simply erase in the document that this group of 
experts has discussed it. We don't actually need to have full consensus, 
but a succinct summary barring a value judgement shouldn't be so 
objectionable.

-Mallory


> All I do ask is that the IETF document be accurate regarding scope – i.e. if there is a determination to omit inclusion of some human rights from the guidelines because they are inconvenient, then the document should clearly indicate that it provides guidelines for _select_ human rights (and this would also suggest that the language "this is by no means an attempt to exclude specific rights or prioritize some rights over others. If other rights seem relevant, please contact the authors.” should probably be struck.)  I think this would be major step backward (and do not recommend such an approach), but see no other way to address your concerns about the potential risk to inexperienced protocol developers being led astray by the inclusion of the right to legal remedy.
>
> Thanks,
> /John
>
>
>> On 11 Mar 2021, at 4:27 PM, Mark Perkins<marknoumea=40yahoo.com@dmarc.ietf.org>  wrote:
>>
>> An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise.
>>
>> MP>> This is exactly my fear, excepting that I disagree that "that ship has sailed", and am still not sure that consensus has been reached on this issue...
>>
>> Mark P.
>>
>> Le 12/03/2021 à 05:34, farzaneh badii a écrit :
>>> Thank you Gurshabad,
>>>
>>> Yes this is fine, though I would have removed "may.. be" from the following sentence and replace it with "is".
>>> attribution on an individual level [may] is not [be] consistent with those particular human rights.  and would have removed individual from "i.e. mechanisms in protocols or architectures
>>> that are designed to make communications or artifacts attributable to a certain computer or individual)"
>>>
>>> I can't think of a text that captures Mallory's suggestion right now but I am not insistent on further changes to be applied. So don't want to hold you back.
>>> All good and thank you for your hard and excellent work.
>>>
>>>
>>> An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise.
>>>
>>>
>>>
>>> Farzaneh
>>>
>>>
>>> On Thu, Mar 11, 2021 at 1:00 PM Gurshabad Grover <gurshabad@cis-india.org  <mailto:gurshabad@cis-india.org>> wrote:
>>> Thanks, Farzaneh.
>>>
>>> I was referring to these suggestions (which came through well to my mail
>>> at least), which I mostly incorporated. I realised from your chat
>>> messages during hrpc today that you were highlighting the importance of
>>> removing the reference to 'law enforcement agencies'. Taking that and
>>> the recent suggestions into account, would this text be fine?
>>>
>>> """
>>> Question(s): Can your protocol facilitate a negatively impacted party's
>>> right to the appropriate remedy without disproportionately impacting
>>> other parties' human rights, especially their right to privacy?
>>>
>>> Explanation: Attribution (i.e. mechanisms in protocols or architectures
>>> that are designed to make communications or artifacts attributable to a
>>> certain computer or individual) may help victims of crimes in seeking
>>> appropriate remedy.  However, attribution mechanisms may impede the
>>> exercise of the right to privacy.  The Special Rapporteur for Freedom of
>>> Expression has also argued that anonymity is an inherent part of freedom
>>> of expression. [Kaye] Considering the adverse impact of attribution on
>>> the right to privacy and freedom of expression, enabling attribution on
>>> an individual level may not be consistent with those particular human
>>> rights.
>>> """
>>>
>>> On a finer point: I do not think that it is appropriate to remove 'the
>>> right to remedy' from the 'Impacts' section, because it is precisely
>>> what this section about (regardless of the final position it takes).
>>>
>>> -Gurshabad
>>>
>>>
>>> On 3/11/21 11:19 PM, farzaneh badii wrote:
>>>> Seems like the suggestion I made did not come through because I
>>>> strike-through
>>>> Screen Shot 2021-03-11 at 12.44.34 PM.png
>>>>   that didn't appear on the mailing list archive so I took a screenshot
>>>> of the changes I suggested which is attached.
>>>>
>>>> I will rewrite it here.
>>>> Farzaneh
>>>>
>>>> _______________________________________________
>>>> hrpc mailing list
>>>> hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>>> https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>>>
>>>
>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>> https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>   <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>	Garanti sans virus.www.avast.com  <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>  <x-msg://4/#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>_______________________________________________
>> hrpc mailing list
>> hrpc@irtf.org
>> https://www.irtf.org/mailman/listinfo/hrpc
>
>
> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc

-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780

v2.23.0 | Report a Bug | By Email