Re: [hrpc] My suggestion for the attribution paragraph

[Niels ten Oever <mail@nielstenoever.net>]

Dear Farzaneh,

On 19-03-2021 16:24, farzaneh badii wrote:
> We have raised the problem of cherry-picking in previous papers when criticizing the approach of HRPC, but in this case I don't think cherry-picking is involved. 

So I guess this means that it is not an issue?

Your framing [attribution results in or can help with legal remedy] is problematic because it brings jurisdictional issues to this document.

It is a core component of the UN Guiding Principles for Human Rights. This is not necessarily part of jurisdiction. Remedy does not necessarily need to be offered by a state.


 What legal remedy, based on which law? 

As described, UNGPs. Have a look here: https://www.ohchr.org/EN/Issues/Business/Pages/AccessToRemedy.aspx

I heard that people were saying we are not trying to bring one set of legal systems into the discussion. And it's not even clear how you can create a direct link between attribution and legal remedy. Access to legal remedy in the human rights law field does not mean that a private protocol developer helps victims or law enforcement with gathering evidence!

Organizations that develop and deploy protocols do have responsibilities and this questionnaire is a way of considering them in different contexts. 

> Help with gathering evidence does not result in legal remedy. Access to legal remedy is much more nuanced than that. 
> 
> I think we just did not discuss this issue carefully for the past couple of years. We didn't have legal experts and human rights law experts that could analyze this in depth and give us their perspective. 

By saying this you're not doing justice to the lawyers and human rights experts that have weight in and advised on this. 

I am very concerned about including this paragraph. I tried to help with revising it so it is not that I want to stop progress but as I have said, this paragraph can be potentially against human rights more than for it.
> 

According to you it would be harmful for human rights to say write that 'using protocols to achieve remedy and attribution on an individual level is probably not consistent with human rights' ?

Best,

Niels

> 
> 
> 
> 
> 
> 
> 
> 
> Farzaneh
> 
> 
> On Tue, Mar 16, 2021 at 9:20 AM John Curran <jcurran@istaff.org <mailto:jcurran@istaff.org>> wrote:
> 
>     Mark - 
> 
>     The fact that protocol support for attribution is important to support some human rights (i.e. the right to legal remedy) 
>     but poses important concerns regarding potential implications for other rights would seem to me to argue more strongly on the need for its inclusion in the guidelines rather than its omission, However, I’ll admit that I haven’t done direct protocol development in more than two decades and lacking as I am in recent first-hand experience, I'll leave it to this group to decide as it deems best. 
> 
>     All I do ask is that the IETF document be accurate regarding scope – i.e. if there is a determination to omit inclusion of some human rights from the guidelines because they are inconvenient, then the document should clearly indicate that it provides guidelines for _select_ human rights (and this would also suggest that the language "this is by no means an attempt to exclude specific rights or prioritize some rights over others. If other rights seem relevant, please contact the authors.” should probably be struck.)  I think this would be major step backward (and do not recommend such an approach), but see no other way to address your concerns about the potential risk to inexperienced protocol developers being led astray by the inclusion of the right to legal remedy.
> 
>     Thanks,
>     /John
> 
> 
>>     On 11 Mar 2021, at 4:27 PM, Mark Perkins <marknoumea=40yahoo.com@dmarc.ietf.org <mailto:marknoumea=40yahoo.com@dmarc.ietf.org>> wrote:
>>
>>     An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise.
>>
>>     MP>> This is exactly my fear, excepting that I disagree that "that ship has sailed", and am still not sure that consensus has been reached on this issue...
>>
>>     Mark P.
>>
>>     Le 12/03/2021 à 05:34, farzaneh badii a écrit :
>>>     Thank you Gurshabad,
>>>
>>>     Yes this is fine, though I would have removed "may.. be" from the following sentence and replace it with "is".
>>>     attribution on an individual level [may] *is not [*be] consistent with those particular human rights.  and would have removed individual from "i.e. mechanisms in protocols or architectures
>>>     that are designed to make communications or artifacts attributable to acertain computer*or individual)*"
>>>
>>>     I can't think of a text that captures Mallory's suggestion right now but I am not insistent on further changes to be applied. So don't want to hold you back. 
>>>     All good and thank you for your hard and excellent work. 
>>>
>>>
>>>     An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise. 
>>>
>>>
>>>
>>>     Farzaneh
>>>
>>>
>>>     On Thu, Mar 11, 2021 at 1:00 PM Gurshabad Grover <gurshabad@cis-india.org <mailto:gurshabad@cis-india.org>> wrote:
>>>
>>>         Thanks, Farzaneh.
>>>
>>>         I was referring to these suggestions (which came through well to my mail
>>>         at least), which I mostly incorporated. I realised from your chat
>>>         messages during hrpc today that you were highlighting the importance of
>>>         removing the reference to 'law enforcement agencies'. Taking that and
>>>         the recent suggestions into account, would this text be fine?
>>>
>>>         """
>>>         Question(s): Can your protocol facilitate a negatively impacted party's
>>>         right to the appropriate remedy without disproportionately impacting
>>>         other parties' human rights, especially their right to privacy?
>>>
>>>         Explanation: Attribution (i.e. mechanisms in protocols or architectures
>>>         that are designed to make communications or artifacts attributable to a
>>>         certain computer or individual) may help victims of crimes in seeking
>>>         appropriate remedy.  However, attribution mechanisms may impede the
>>>         exercise of the right to privacy.  The Special Rapporteur for Freedom of
>>>         Expression has also argued that anonymity is an inherent part of freedom
>>>         of expression. [Kaye] Considering the adverse impact of attribution on
>>>         the right to privacy and freedom of expression, enabling attribution on
>>>         an individual level may not be consistent with those particular human
>>>         rights.
>>>         """
>>>
>>>         On a finer point: I do not think that it is appropriate to remove 'the
>>>         right to remedy' from the 'Impacts' section, because it is precisely
>>>         what this section about (regardless of the final position it takes).
>>>
>>>         -Gurshabad
>>>
>>>
>>>         On 3/11/21 11:19 PM, farzaneh badii wrote:
>>>         > Seems like the suggestion I made did not come through because I
>>>         > strike-through 
>>>         > Screen Shot 2021-03-11 at 12.44.34 PM.png
>>>         >  that didn't appear on the mailing list archive so I took a screenshot
>>>         > of the changes I suggested which is attached.
>>>         >
>>>         > I will rewrite it here. 
>>>         > Farzaneh
>>>         >
>>>         > _______________________________________________
>>>         > hrpc mailing list
>>>         > hrpc@irtf.org <mailto:hrpc@irtf.org>
>>>         > https://www.irtf.org/mailman/listinfo/hrpc <https://www.irtf.org/mailman/listinfo/hrpc>
>>>         >
>>>
>>>
>>>     _______________________________________________
>>>     hrpc mailing list
>>>     hrpc@irtf.org <mailto:hrpc@irtf.org>
>>>     https://www.irtf.org/mailman/listinfo/hrpc <https://www.irtf.org/mailman/listinfo/hrpc>
>>
>>     <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 	Garanti sans virus. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>>     _______________________________________________
>>     hrpc mailing list
>>     hrpc@irtf.org <mailto:hrpc@irtf.org>
>>     https://www.irtf.org/mailman/listinfo/hrpc <https://www.irtf.org/mailman/listinfo/hrpc>
> 
>     _______________________________________________
>     hrpc mailing list
>     hrpc@irtf.org <mailto:hrpc@irtf.org>
>     https://www.irtf.org/mailman/listinfo/hrpc <https://www.irtf.org/mailman/listinfo/hrpc>
> 
> 
> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc
> 

-- 
Niels ten Oever, PhD
Postdoctoral Researcher - Media Studies Department - University of Amsterdam
Research Fellow - Centre for Internet and Human Rights - European University Viadrina
Associated Scholar - Centro de Tecnologia e Sociedade - Fundação Getúlio Vargas

https://nielstenoever.net - mail@nielstenoever.net - @nielstenoever - +31629051853
PGP: 2458 0B70 5C4A FD8A 9488 643A 0ED8 3F3A 468A C8B3

Read my latest article on Internet infrastructure governance in New Media & Society here: https://journals.sagepub.com/doi/full/10.1177/1461444820929320