Re: [hrpc] "Anonymity is hard" (Farrell, Andersdotter)

The definitions in the Pfitzmann are the standard definitions, but also rather informal. Note anonymity can be measured quantiatively, so we can tell which protocols are more anonymous than others using information theory/simulations, etc.: 

"Towards an Information Theoretic Metric for Anonymity" https://bib.mixnetworks.org/pdf/serjantov2002towards.pdf 

or newer work that shows anonymity exists in tension with latency, building nicely off of and formalizing Pfitzmann's definitions: 

AnoA: Framework for Analyzing Anonymous Communication Protocols https://eprint.iacr.org/2014/087.pdf 

In general, the best thing for any new protocols is to minimize identifiers, encrypt all parts of a payload (see cleartext SNI issue TLS), and - which almost no protocols today actually do - in protocols that use additional data for routing with an encrypted payload, keep the routing data indistinguishable from the payload. If all packets are indistinguishable in transit, this would make it harder for censorship and any other network-level discrimination, and increase protection for intermediary liability. 

It may be useful for the new RG to help formulate guidance for new protocols, with support from HPRC for a human-rights angle. 

yours, 
Harry 

> De: "Robin Wilton" <wilton@isoc.org>
> À: "hrpc" <hrpc@irtf.org>
> Envoyé: Lundi 23 Juillet 2018 14:45:23
> Objet: Re: [hrpc] "Anonymity is hard" (Farrell, Andersdotter)

> I still think one of the best reference texts on anonymity, linkability, etc.,
> is Marit Hansen and Andreas Pfitzmann’s paper:

> "Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and
> Identity Management –
> A Consolidated Proposal for Terminology"
> The definitive version is (I believe) v.31, hosted at TU Dresden, but you can
> find it at the following link, along with one of Marit’s presentations on
> Privacy by Design (in German, but also has pictures ;^) )

> [ https://www.privacydesign.ch/?s=hansen |
> https://www.privacydesign.ch/?s=hansen ]

> HTH,
> Robin

>> On 20 Jul 2018, at 19:29, [ mailto:hrpc-request@irtf.org | hrpc-request@irtf.org
>> ] wrote:

>> Send hrpc mailing list submissions to
>> [ mailto:hrpc@irtf.org | hrpc@irtf.org ]

>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://www.irtf.org/mailman/listinfo/hrpc
>> or, via email, send a message with subject or body 'help' to
>> hrpc-request@irtf.org

>> You can reach the person managing the list at
>> hrpc-owner@irtf.org

>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of hrpc digest..."
>> Today's Topics:

>> 1. Re: anonymity is hard (Amelia Andersdotter)
>> 2. Re: new title for draft-tenoever-hrpc-political
>> (Amelia Andersdotter)
>> 3. Re: Draft: Rights for restricted content (bzs@theworld.com)
>> 4. Re: Human Rights relating to racism and xenophobia (Seth Johnson)

>> From: Amelia Andersdotter <amelia@article19.org>
>> Subject: Re: [hrpc] anonymity is hard
>> Date: 20 July 2018 at 18:56:49 GMT+1
>> To: hrpc@irtf.org

>> On 2018-07-20 00:45, Stephen Farrell wrote:

>>> Hiya,

>>> Following up a bit on my comment on the anonymity draft,
>>> I did a quick search using "anonymity is hard" and got [1].
>>> That's a bit Tor-specific and maybe getting old, but it
>>> does seem to touch on a lot of the points that I'd love
>>> to see covered (mainly in draft text, not just by reference)
>>> in this draft.

>>> There are probably lots of other references and materials
>>> that could be used as a basis for text. I'd definitely
>>> be willing to help edit some text if someone else has a
>>> chance to write it, and I might even write a bit, but am
>>> not (yet:-) promising that.

>> Anonymity: A Comparison Between the Legal and Computer Science Perspectives by
>> Sergio Mascetti, Anna Monreale, Annarita Ricci, and Andrea Gerino on page 85 in
>> "European Data Protection - Coming of Age" (Gutwirth, et al, ed.), Springer
>> Verlag, 2013 is a /really good essay/ that describes, albeit more verbosely,
>> the ideas I took up at HRPC re: anonymity.

>> In a computer science setting (and by extension also in a protocol setting) we
>> can generalize tools such as pseudonymisation, or data minimization, data
>> obfuscation and other concrete things to many different areas/pieces of
>> information/data. It makes some intuitive sense (in my mind) too, that if many
>> threats to anonymity identified in RFC6379, RFC8280 among other places
>> (fingerprinting, correlation, traffic analysis, etc) are inferential in nature
>> (basically following Law of Large Numbers), then also solutions could aspire
>> towards to addressing the premises of, say, the Law of Large Numbers.

>> And then have a negative definition of "anonymity", namely, that you
>> define what is "identifiability" (what do we mean when we say someone is
>> identifiable wholly, partially or somehow?), and then leave it at the
>> place where "anonymity" is that which in either case is not
>> "identifiable" (this is also pretty much the strategy adopted in HR law
>> internationally and in the CoE).

>> But I'd like to hear Stéphane's (and everyone else's) thoughts on such a
>> direction of the draft.

>> best regards,

>> Amelia

>>> Cheers,
>>> S.

>>> [1]
>>> https://www.blackhat.com/presentations/bh-usa-02/bh-us-02-dingledine-anon.pdf

>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org
>>> https://www.irtf.org/mailman/listinfo/hrpc

>> --
>> Amelia Andersdotter
>> Technical Consultant, Digital Programme

>> ARTICLE19
>> www.article19.org

>> PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55

>> From: Amelia Andersdotter <amelia@article19.org>
>> Subject: Re: [hrpc] new title for draft-tenoever-hrpc-political
>> Date: 20 July 2018 at 19:00:58 GMT+1
>> To: hrpc@irtf.org

>> On 2018-07-20 10:33, Corinne Cath wrote:

>>> I like a.) Notes on networking standards and politics part of this
>>> whole process imho is to get people to read the doc to begin with,
>>> which seems most likely with a clear and recognizable title. my 2
>>> cents, corinne

>> yeah, a)

>> +1

>>> On Fri, Jul 20, 2018 at 1:19 AM, Mark Perkins
>>> <marknoumea=40yahoo.com@dmarc.ietf.org
>>> <mailto:marknoumea=40yahoo.com@dmarc.ietf..org>> wrote:

>>> 'Notes on networking standards and politics'

>>> get my vote!

>>> Mark Perkins

>>> On Friday, July 20, 2018, 10:10:27 AM GMT+11, Niels ten Oever
>>> <mail@nielstenoever.net <mailto:mail@nielstenoever.net>> wrote:

>>> Off-list discussion with Stephen resulted in a new option:

>>> 'Notes on networking standards and politics'

>>> That gives us a few options:

>>> a) Notes on networking standards and politics
>>> b) On Value Neutrality and the Politics of Standards
>>> c) Notes on Value Neutrality and the Politics of Standards
>>> d) ?

>>> Curious to hear what the RG thinks sounds best, new suggestions
>>> ofc also
>>> welcome.

>>> Best,

>>> Niels

>>> On 07/20/2018 12:43 AM, Niels ten Oever wrote:

>>>> On 07/20/2018 12:38 AM, Stephen Farrell wrote:

>>>>> Hiya,

>>>>> On 19/07/18 23:33, Niels ten Oever wrote:

>>>>>> Hi all,

>>>>>> Thank you all very much for the spirited discussion at the

>>> session. To

>>>>>> resolve the issue with draft political and remove the last

>>> issue mention

>>>>>> blocking adoption I would like to propose to rename the draft:

>>>>>> On Value Neutrality and the Politics of Standards

>>>>> Meh:-)

>>>>> How'd something more like "Some background on networking standards
>>>>> and politics" work? That seems to describe the content of the draft
>>>>> better to me, (modulo not having carefully read the latest rev,

>>> as I

>>>>> admitted at the mic, so don't take me too seriously.)

>>>>> My reason for suggesting that is to try end up with something that
>>>>> would be less surprising for an IETF (or IEEE 802 or W3C...)

>>> reader.

>>>> Exactly that audience is saying time and again that 'technology is
>>>> neutral' / 'protocols are neutral' / 'standards are neutral'.

>>> That is I

>>>> would like to address that in the title (and the draft).

>>>> Following work can then address how we could come up with

>>> approaches to

>>>> address that.

>>>>> Cheers,
>>>>> S.

>>>>>> Would that work for you all? I also added a few mentions of value
>>>>>> neutrality (and the lack thereof) for consistency in the abstract,
>>>>>> introduction, conclusion and the way forward.

>>>>>> Changes can be seen here:

>>> https://github.com/nllz/IRTF-HRPC/commit/03826cd73959e692bb1f7aa305f9fbdee325dbd2#diff-fb9d617868a367dd946ef225cc5e6de1
>>> <https://github.com/nllz/IRTF-HRPC/commit/03826cd73959e692bb1f7aa305f9fbdee325dbd2#diff-fb9d617868a367dd946ef225cc5e6de1>

>>>>>> Happy to discuss.

>>>>>> Best,

>>>>>> Niels

>>> --
>>> Niels ten Oever
>>> Researcher and PhD Candidate
>>> Datactive Research Group
>>> University of Amsterdam

>>> PGP fingerprint 2458 0B70 5C4A FD8A 9488
>>> 643A 0ED8 3F3A 468A C8B3
>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org <mailto:hrpc@irtf..org>
>>> https://www.irtf.org/mailman/listinfo/hrpc
>>> <https://www.irtf.org/mailman/listinfo/hrpc>

>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org <mailto:hrpc@irtf.org>
>>> https://www.irtf.org/mailman/listinfo/hrpc
>>> <https://www.irtf.org/mailman/listinfo/hrpc>

>>> --
>>> Corinne Cath
>>> Ph.D. Candidate, Oxford Internet Institute & Alan Turing Institute

>>> Web: www.oii..ox.ac.uk/people/corinne-cath
>>> <http://www.oii.ox.ac.uk/people/corinne-cath>
>>> Email: ccath@turing.ac.uk <mailto:ccath@turing..ac.uk> &
>>> corinnecath@gmail.com <mailto:corinnecath@gmail.com>
>>> Twitter: @C_Cath

>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org
>>> https://www.irtf.org/mailman/listinfo/hrpc

>> --
>> Amelia Andersdotter
>> Technical Consultant, Digital Programme

>> ARTICLE19
>> www.article19.org

>> PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55

>> From: bzs@theworld.com
>> Subject: Re: [hrpc] Draft: Rights for restricted content
>> Date: 20 July 2018 at 19:23:58 GMT+1
>> To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
>> Cc: Amelia Andersdotter <amelia@article19.org>, hrpc@irtf.org

>> For some old historical context Ted Nelson's Xanadu proposed and to
>> some extent implemented two-way links with payment or at least
>> statistics in mind.

>> "Who points to me" is a generally difficult problem without either
>> brute force (google, web spiders in general) or some sort of
>> architected method (Xanadu) and even in those cases can be difficult
>> particularly if one wants some high degree of accuracy for payments
>> for example.

>> I believe the basic idea in Xanadu was to use a transfinite* link
>> scheme (think: Dewey decimal system, a.b.c, a.x.b.c, etc) where links
>> incorporated metadata. The person who probably understands this best
>> is Roger Gregory, a mathematician who worked with Nelson on the idea
>> and I still hear from.

>> http://xanadu.com/tech/

>> * The term "transfinite" is also used in reference to classifications
>> of infinities in mathematics, no relationship, or only a passing one.

>> --
>> -Barry Shein

>> Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
>> Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
>> The World: Since 1989 | A Public Information Utility | *oo*

>> From: Seth Johnson <seth.p.johnson@gmail.com>
>> Subject: Re: [hrpc] Human Rights relating to racism and xenophobia
>> Date: 20 July 2018 at 19:28:22 GMT+1
>> To: Corinne Cath <corinnecath@gmail.com>
>> Cc: Mark Perkins <marknoumea=40yahoo.com@dmarc.ietf.org>, Hrpc <hrpc@irtf.org>,
>> Tony Rutkowski <rutkowski.tony@gmail.com>, Amelia Andersdotter
>> <amelia@article19.org>

>> Good points from Corinne -- except: state and private roles can be
>> distinguished. That's in fact exactly what's needed to get clarity.

>> On Fri, Jul 20, 2018 at 8:36 AM, Corinne Cath <corinnecath@gmail.com> wrote:

>>> Hi Mark,

>>> Some comments in-line:

>>> On Fri, Jul 20, 2018 at 1:15 AM, Mark Perkins
>>> <marknoumea=40yahoo.com@dmarc.ietf.org> wrote:

>>>> Tony

>>>> For my Library and Information Studies Masters I studied the New World
>>>> Information and Communication Order and all the controversy surrounding it,
>>>> so I am particularly jealous of your collaboration with Sean MacBride.

>>> +1

>>>> However, I do not draw the same conclusions as you from this.

>>>> One of the main issues of NWICO and the MacBride report was the unequal
>>>> diffusion / flow of information and its centralisation in a few hands &
>>>> colonial countries. The counter arguement was of one against censorship.

>>>> The Internet, and especially the Web changed this balance and the
>>>> argument. For a while the new free flow of information was seen as by some
>>>> as the New Revolution, though as always - social problems do not have
>>>> technical solutions.

>>>> States have since gained in capacity & willingness to censor, in mass
>>>> surveillance and to use the tools to repress opposition.

>>>> Corporations have moved from centres of information flow (the old
>>>> paradigm) to centres of 'attention'.

>>>> There are also moves towards recentering the Internet, from intelligence
>>>> at the edges to intelligence at the centre.

>>>> Your anecdote regarding MacBride and his deception regarding the Iran
>>>> Revolution is revealing. The US/CIA backed Iranian surveillance apparatus
>>>> (SAVAK) had repressed any secular opposition, leaving the mosque and bazaar
>>>> the only places to organize. A similar process had occured prior (& post) to
>>>> the Arab Spring, with similar backers but this time with much more
>>>> sophisticated surveillance tools.

>>>> The main threats of xenophobia, racism, homophobia & misogny are in
>>>> practice from states. This is not to minimize the effects of non-state
>>>> actors on individuals - but it is states that have the surveillance tools
>>>> and can compel the facebooks, googles, etc to hand over their data. And it
>>>> is states that carry out the worst acts of xenophobia, racism, homophobia &
>>>> misogny.

>>> I am not sure it is helpful to argue that states are 'more evil' than
>>> companies. I know its an American proclivity to worry mostly about states
>>> but from my perspective it is simply not possible to cleanly separate what
>>> nefarious things states do from what nefarious things companies do. States
>>> buy their surveillance tools from company, as well as developing them in
>>> house. They, as you indicate, get data from companies who provide this
>>> sensitive information because they are compelled to for legal or economic
>>> reasons.

>>>> Increasing tracability, or diminishing the options for pseudonymity /
>>>> anonymity on the grounds of enhancing accountability will have the perverse
>>>> effect of increasing the surveillance power of states and thus their powers
>>>> of xenophobia, racism, homophobia & misogny. This has even been recognised
>>>> as the case by UN Special Rapporteurs...

>>> Those same special rapporteurs have also carefully considered the roll of
>>> private actors in facilitating government surveillance. Imo, any discussion
>>> of the problem that actually gets to the root must be include a careful
>>> picture of the interplay between these two actors.

>>> Best,

>>>> My (more than) two pacific francs

>>>> Mark Perkins

>>>> On Thursday, July 12, 2018, 11:59:16 AM GMT+11, Tony Rutkowski
>>>> <rutkowski.tony@gmail.com> wrote:

>>>> Hi Amelia,

>>>> Perhaps one of the "lost in translation" problems here involves the way
>>>> lawyers conceptualize and treat these matters. In short, human rights
>>>> law is principally manifested through international law in diverse
>>>> forms. My law school alma mater - Washington College of Law - has for
>>>> many decades been a center for human rights law, and indeed created a
>>>> Center for Human Rights and Humanitarian Law. See
>>>> https://www.wcl.american.edu/impact/initiatives-programs/center/
>>>> Indeed, at the time, the dean was one of the world's prominent human
>>>> rights jurists and several of my professors played leading roles in
>>>> shaping the that body of law for some decades. Other prominent law
>>>> schools also have Human Rights Law programs. See
>>>> https://law.yale.edu/study-law-yale/areas-study/human-rights-law And,
>>>> when I taught the graduate program course on international
>>>> telecommunications law at NY Law School in the 1980s, I included human
>>>> rights law material.

>>>> You might want to be aware also that the first major initiative to deal
>>>> with human rights and new technologies including internets, was the
>>>> Commission chaired by Sean MacBride in 1979 generally named after him.
>>>> Sean at the time had just won the Nobel Peace Prize for his formation of
>>>> Amnesty International, the International Commission of Jurists, and in
>>>> general instantiating much of what constitutes human rights law in
>>>> international instruments and bodies. Although controversial at the
>>>> time, the report which the Commission produced perhaps remains today the
>>>> most comprehensive study done on the subject. See
>>>> http://www.un-documents.net/macbride-report.pdf

>>>> Because of my engineering-legal roles at the FCC and in inter-agency and
>>>> international bodies at the time, I had the good fortune of being
>>>> seconded to be Sean's technical advisor not only at the seminal New
>>>> Delhi meeting of the Commission (see attached), but also over the many
>>>> months of followup meetings with him in Paris, Geneva, and New York. We
>>>> became friends. Now about 40 years later, the input provided seems
>>>> still largely accurate in envisioning subsequent decades.
>>>> http://unesdoc.unesco.org/images/0004/000491/049100eb.pdf

>>>> There is a cautionary note here that is worth telling. Sean in his
>>>> public speeches would hold up audio tapes as an example of an "internet
>>>> packet technology" that was at that time being used by activists
>>>> attempting to bring about regime change in Iran. Sean was passionate
>>>> about human rights and viewed his role leading the Commission as a kind
>>>> of culmination of his long activist life - which also included major
>>>> roles in the formation of the Irish Republic and Sinn Féin. (Sean's
>>>> mother was Maud Gonne, and his father was hanged in the Easter Uprising
>>>> when he was 14). However, when the outcome of the Iranian Revolution
>>>> wasn't quite the human rights friendly regime he anticipated, he became
>>>> somewhat despondent and largely disappeared from public view - passing
>>>> away a few years later in his mother's famous Roebuck House in Dublin.

>>>> The reason that this note of caution is worth telling, is that after the
>>>> 1988 Melbourne Treaty enabling international public internets
>>>> (notwithstanding the KGB's vocal expression of concern), the DARPA
>>>> internet began to be advanced in the 1990s as an instrument of group
>>>> activism and regime change. However, it became quickly apparent that
>>>> there were attributes of the platform that could have potentially
>>>> catastrophic societal consequences via both state and non-state actors.
>>>> The past several years have significantly amplified the concern and the
>>>> trends are not good.

>>>> --tony

>>>> On 11-Jul-18 6:02 PM, Amelia Andersdotter wrote:

>>>>> On 2018-07-10 22:51, Tony Rutkowski wrote:

>>>>>> Hi Niels,

>>>>>> Clearly the additional protocol is regarded as human rights law.

>>>>> It's "international law".

>>>>> I think a useful way to think about it (for myself), is that human
>>>>> rights imply obligations on states (or companies) with respect to
>>>>> individuals/private persons or groups of individuals/private persons
>>>>> acting in a private/individual capacity.

>>>>> While "international law" in a more generic sense may also entail
>>>>> agreements between governments on competencies they should grant
>>>>> institutional actors (such as public authorities, international bodies)
>>>>> or legal persons (companies, NGOs, what have you).

>>>>> I have never come across the use of the word "human rights law" for
>>>>> international agreements that aim to steer governments in the direction
>>>>> of providing rights, duties or competencies to public authorities (I may
>>>>> not even, in general, have come across the word "human rights law", but
>>>>> it's a separate issue, I guess).

>>>>> best regards,

>>>> _______________________________________________
>>>> hrpc mailing list
>>>> hrpc@irtf.org
>>>> https://www.irtf.org/mailman/listinfo/hrpc

>>>> _______________________________________________
>>>> hrpc mailing list
>>>> hrpc@irtf.org
>>>> https://www.irtf.org/mailman/listinfo/hrpc

>>> --
>>> Corinne Cath
>>> Ph.D. Candidate, Oxford Internet Institute & Alan Turing Institute

>>> Web: www.oii..ox.ac.uk/people/corinne-cath
>>> Email: ccath@turing.ac.uk & corinnecath@gmail.com
>>> Twitter: @C_Cath

>>> _______________________________________________
>>> hrpc mailing list
>>> hrpc@irtf.org
>>> https://www.irtf.org/mailman/listinfo/hrpc

>> _______________________________________________
>> hrpc mailing list
>> hrpc@irtf.org
>> https://www.irtf.org/mailman/listinfo/hrpc

> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc