IETF Logo Mail Archive

Re: [hrpc] HRPC recharter

Mallory Knodel <mknodel@cdt.org> Wed, 04 January 2023 20:07 UTC

Return-Path: <mknodel@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5809C14F744 for <hrpc@ietfa.amsl.com>; Wed, 4 Jan 2023 12:07:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QebNiaYRatwl for <hrpc@ietfa.amsl.com>; Wed, 4 Jan 2023 12:07:13 -0800 (PST)
Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8710C14F740 for <hrpc@irtf.org>; Wed, 4 Jan 2023 12:07:12 -0800 (PST)
Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-476e643d1d5so375080787b3.1 for <hrpc@irtf.org>; Wed, 04 Jan 2023 12:07:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=GMsZ9H8RoKRaatwm89l65XMSI6YZq0K5M4wNPs/NTCA=; b=Td9bFoNzqM5bkvRNog3XogljEmQ1nG1HCRSx7jJ1MKHvm+gMGdHDtEEC5A987R66xc PUR0Q3YJwluXHD6sc1tbjFLmnS7H3dlrT482BBeG3Ze/d4t+p6Bxxqpx+5G8WZgD1p6P vWe+qlteH/NoXvVkKLNDxxJq2yJt+MGwPu7eA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=GMsZ9H8RoKRaatwm89l65XMSI6YZq0K5M4wNPs/NTCA=; b=qIUBe9rOd/PBzv4BjVfalJbLPYZYleWfANKEBUClgB/eugEB8If7X0wI3tRb5vnGmB oUtQ7D4H1+nUvKerqGaHIEFg1rSNbRXW5xPIwvi9dXRaBcJLTYRDNchtoEnK/doIjjxO N81dESzZzuh8ToBShMUyNNewxKhzMOwCWGa6lKRz7IzKkc6xtmNdGLWxRFU/vOPPXxn2 DeOyRXaoSkvt3TJan1JUZeLfjIs2CP10cCJBchhaDTt3a87bs0i2tgNfsoW1mSiHG8T8 yaDffhwVr6CfFT3s0WP4oqPyT6V4rM94SA8YB8SmNPSvgJZw+9x20bDBBos4QGk0M/DJ 9XEw==
X-Gm-Message-State: AFqh2koxtcuRSjpm1MZtVtZUn3XtFKqI4uGhZm0wWzuVI6UeJfux4MZa 0z77Dlt0baXM79RmEJfDMXhtW0BYNFCFQt19
X-Google-Smtp-Source: AMrXdXukPgx04wZQwzJuOVo9+kjAr7sD6CDXX6Fu3X0tfHn+grdPE7cAualYOJPDdu/iY8fSYEl6eQ==
X-Received: by 2002:a0d:cacb:0:b0:465:23f8:9285 with SMTP id m194-20020a0dcacb000000b0046523f89285mr46370033ywd.51.1672862831491; Wed, 04 Jan 2023 12:07:11 -0800 (PST)
Received: from [10.0.3.199] ([50.239.129.122]) by smtp.gmail.com with ESMTPSA id s16-20020a05620a255000b006fa12a74c53sm24604089qko.61.2023.01.04.12.07.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Jan 2023 12:07:10 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------qFu6dI9bNE4XmuTyVH0pcvPa"
Message-ID: <f727a6c8-7f1e-0db8-46d0-36248b921b79@cdt.org>
Date: Wed, 04 Jan 2023 15:07:08 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Thunderbird/106.0
Content-Language: en-US
To: Eric Rescorla <ekr@rtfm.com>
Cc: Hrpc <hrpc@irtf.org>
References: <6ddd480d-76ed-a05e-066d-d740fee61441@cdt.org> <CABcZeBO-kN+KmNcGuiAxv5ZidvuZW5A5yjB2mP_ZJCiF1qNLyg@mail.gmail.com>
From: Mallory Knodel <mknodel@cdt.org>
In-Reply-To: <CABcZeBO-kN+KmNcGuiAxv5ZidvuZW5A5yjB2mP_ZJCiF1qNLyg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/UgQlspOzKn2ym2fE1c0Xh5odEvM>
Subject: Re: [hrpc] HRPC recharter
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 20:07:18 -0000

Hi Eric,

On 12/26/22 1:49 PM, Eric Rescorla wrote:
>
> As an outsider, when HRPC was first started, it seemed to have a real
> BCP-72ish vibe in which there would be:
>
> - Some common set of expectations for a what it would mean for a
>   document to be analyzed from a human rights perspective (presumably
>   documented in RFC 8280)
>
> - Some process for external review for those factors (presumably done
>   by HRPC)
>
That is indeed what we are hoping to achieve with draft-guidelines. But 
to the latter, I think the "external" bit has been troubled completely 
and for good reason. There's agreement that this work should happen in 
the WG to the extent possible, and ideally even done by the group itself 
and not dispatched from HRPC.

Another option that hasn't been actioned as far as I can tell is to see 
where other directorates might take on some of the human rights 
guidelines into their reviews, like security, privacy or even the 
IESG/IAB reviews of BoFs and things. I'd be keen to work with various 
emissaries from directorates to do a sweep of the processes and identify 
opportunities to improve and streamline.

> So, for instance, the current charter has this bullet:
>
>   * To propose guidelines to protect the Internet as a
>     human-rights-enabling environment in future protocol development,
>     in a manner similar to the work done for Privacy Considerations in
>     RFC 6973.
>
Bingo.
> And of course there is the the "Considerations" name of the RG
> itself.
>
> Whatever the intentions at the time, I think it's pretty clear that
> this has not been the outcome: there haven't been that many of these
> reviews and I don't think there's really broad consensus on how to
> think about human rights in protocol design (see my separate review of
> the 8280 revision [0]). More generally, at least from my perspective,
> the work of HRPC has not had much impact on IETF operational practice
> in terms of protocol design (even less so than there is around Privacy
> Considerations).

But perhaps more indicatively, do you think there have been missed 
opportunities since HRPC was chartered?

I would charge that one reason there hasn't been a lot of visible impact 
is that there haven't been visible opportunity, reason, or occasion to 
intervene.

>
> I see that the proposed charter revises this bullet somewhat to remove
> the comparison to 6973, but I think it would be good to be clearer in
> the charter that the intent for the HRPC is not to be some
> human-rights flavored version of secdir or opsdir. In particular, if
> guidelines for how to design protocols so that they protect human
> rights are to have any normative force, they need to come out of the
> IETF, not the IRTF. And if the intent is to provide something
> informative, then I think what's needed is something much more like an
> analysis of problems and a catalog of techniques than guidelines. This
> is, for instance, what PEARG does.

That's why we removed the reference so if there's more we could do to 
make clear this intention, I'd be happy to re-work other parts of the 
text as well. (I like to delete things, rather than add them, where 
possible.)

Could you give an example of where PEARG has published a doc that does 
this well. And alternatively if you can point to a place in the charter 
where this sort of thing appears and is described better than what we have?

>
>
> The two other objectives have a more public awareness type flavor:
>
>  * To expose the relations between protocols and values, with a focus
>    on the human rights framework.
>  * To increase the awareness in both the policy community and the
>    technical community on the importance of the technical workings of
>    the Internet and its impact on human rights and the public
>    interest.
>
> I don't track the work in these areas as closely, so I'm less able
> to say whether that work is going well or not. For what it's worth,
> I don't typically refer to the artifacts of this group as the main
> sources for the human rights impacts of protocols, but perhaps
> others have a different experience.

I do think I have a better sense of these things, but irrespective of 
that, I think re-writing the charter on these two points is unlikely to 
have an effect. We're expressing the objectives in the best way, I 
believe, already, but open to suggested changes.

>
> In any case, I think rather than just spinning a new charter, it
> would be helpful to take a bigger picture look at what this RG
> should be trying to accomplish.
>
I'd like to say this is a great time to be doing both. Thanks for 
engaging and happy to take both conversations forward in the ways you've 
outlined above,

-Mallory

> -Ekr
>
>
> [0] 
> https://mailarchive.ietf.org/arch/msg/hrpc/I2mP4Wehcj3UTSGqh4uwH6QoA4Y/
>
> On Thu, Dec 22, 2022 at 9:30 AM Mallory Knodel <mknodel@cdt.org> wrote:
>
>     Dear RG,
>
>     Hope everyone is well.
>
>     At the 115 meeting HRPC was reviewed by the IAB [0], notes of
>     which are
>     forthcoming from the IAB.
>
>     Partially as a result, though this activity predates the review
>     itself,
>     Sofia and I have been reviewing the HRPC charter. In particular we
>     are
>     keen to expand HRPC slightly, though arguably our area of work will
>     remain the same (more on that later), to explicitly welcome policy
>     discussions.
>
>     The recharter text is available in GitHub [1] where you can view a
>     diff
>     [2]. It is also in a plaintext format with more visual indications of
>     where the changes have been made [3].
>
>     My view on the proposed change to include "policy" as a
>     replacement for
>     "protocol" in the name and charter text have been shaped by both
>     of the
>     past chairs of HRPC and Colin's feedback, which is that the human
>     rights
>     framework can apply to virtually any policy discussion and therefore
>     HRPC has all along according to its charter had a mandate to talk
>     about
>     these issues. However I do think that the slight rephrasing in places
>     gives us necessary updates that reflect the current political
>     moment as
>     well as learning from past lessons since the group was chartered the
>     first time. Additionally I think there is value in the group name and
>     its charter text being written so as to explicitly attract
>     researchers
>     and research that discuss policy, as a "place to land" in the
>     IETF/IRTF.
>
>     We welcome any comments on the proposed changes.
>
>     Happy new year and best wishes to everyone,
>
>     -Chairs, Mallory & Sofia
>
>     [0] https://www.iab.org/wiki/index.php/RG_Reviews
>
>     [1] https://github.com/IRTF-HRPC/IRTF-HRPC/blob/main/hrpccharter.md
>
>     [2]
>     https://github.com/IRTF-HRPC/IRTF-HRPC/commit/1a029b31ab3521e8da1490924c94397a99497d19
>
>     [3] https://pad.riseup.net/p/Qgq2TJuWLbFSY1Jrcxgm
>
>
>     -- 
>     Mallory Knodel
>     CTO, Center for Democracy and Technology
>     gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
>
>     _______________________________________________
>     hrpc mailing list
>     hrpc@irtf.org
>     https://www.irtf.org/mailman/listinfo/hrpc
>
-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780

v2.23.0 | Report a Bug | By Email