IETF Logo Mail Archive

Re: [hrpc] My suggestion for the attribution paragraph

Mark Perkins <marknoumea@yahoo.com> Sat, 20 March 2021 06:45 UTC

Return-Path: <marknoumea@yahoo.com>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B06E33A1BF7 for <hrpc@ietfa.amsl.com>; Fri, 19 Mar 2021 23:45:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fDUBYThrY_7b for <hrpc@ietfa.amsl.com>; Fri, 19 Mar 2021 23:45:56 -0700 (PDT)
Received: from sonic317-28.consmr.mail.bf2.yahoo.com (sonic317-28.consmr.mail.bf2.yahoo.com [74.6.129.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E85B63A134E for <hrpc@irtf.org>; Fri, 19 Mar 2021 23:45:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1616222753; bh=3x1uLCBe4+hhVQbql/BvGNm5NPbBEsKMzrSsSyz4ekM=; h=Subject:To:References:From:Date:In-Reply-To:From:Subject:Reply-To; b=IwSz56BNXtrELr20qrypSihNEqsfGOyIyoW93vNbv2aTEqiNZ3BHgCy1kor0bCm3q8qQo7KksIcefBaAEn2fDKIYTe30go6ZVUUdrmBg+HwDGHSHU71NscaaZuuFGhkYC6LlaQCVTvm0MRi4QyflLTVmE0ZNsLrv27wCYPI0HysyPxjw8PDHCu1GqP66nsX6TgofaQh6+H7rsL07JHg0cCVISic4ZRoq2LJE3pImlYkrqL4z3VP0lnUwW2ithvS8Dd5YyPub5ffmyIUQG0BLiAjD9mVUoZbFxUhvDIYCFnG8rwaFjYTTJFLly5NRSavCBfpF+o4pVLUOZz/xtKL8gQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1616222753; bh=MmFusiLVFIm8RQ+FITJ/7ct2WI+gteiCCT9WH7piYky=; h=X-Sonic-MF:Subject:To:From:Date:From:Subject; b=feDpQ/Hgku0DDADvEtCannRkCWwpnpFZSBIfafsRzKvG/YmmEZ1X3QR851zGo6lFCSiXv6F9vJb4Cjw5LNk7Y3S4ZlyhCIkb48JgMpbv51Os5G9si7Z2iR3Hao60peJ2Bj8gfP9qdATwGEeQK3OuTDJdHlxH21Snyfqu172XOr6bENJ5aDdbbpSjxoyFVu8rrrN1aAuHN/glcaR4bhhMBcbFKeRHe6w7rWWdBc0D0odxFC3hVQdOgwt4TrAeisZWwv/jCkbodKOqxfBt7tHgoKYLiQ9aFEGXiChRJfQTGrbSR+OYgcqcjet1BoxlwlEHObyavwNTjIFadXKdgokmbw==
X-YMail-OSG: fFtAarEVM1mXLQsrlGUXqCDeR1zBxzeugcvkOz5dQlURpFC9xGQ2S6pbMSboQ0h mcXFHsSYX9WF3CU9drNNFQQ6K4N96PqKRcZ.ZNSQzn64a.ddlKjLzyHs9JxPMRNA37cvrIj95jF5 jX_.eFrc3EedSIM3RtU9quDZqsqLQAIW1Dco4B.SEwZLM5aIXsnLX6Sc2dlQx1erWr5AAcs1SFIM z2hgDRxcnb1m2Y7DUdSp6bA9KGn4RMQqLJCcPTMlW2WSX2Tp3Mrvs6v5y7C6Oicil1uYlrJ2EaMz Sff7CL303Rqw5dC6488wU4t0AaU4CoM0Cb3wDg6Ourmm8AG5l0pRPjxNelYYByv1qJVGAfLC_dPQ AEOGnfG73lMcmU.absk4Jg1dRDklqo6N7RTrs84AZhf1UbOIr1o_Cig6QnUYAOnKFLK8fJzuR6aA mFmpRW1C1QJp0_Rw7fnmBvY3NvtJjTPYg0FqEiKCkmeTzNM7RYzx5u9qspGLJH6.1LEHL6Prs4.2 TFVC2V2qTfz0esso8lml6Kbl.AIr5lmn0uUvXyGxP.Rohchl8cFGbS9ZUGbJXFL89anS7VfcBKQu 8_5WaLB.UOGl2ENh4Yi8HvGGOlUkCs05YUTbHQw5vg76qdpwjyj5rZxpVC_lH6TxZc2GslEn4uZd U9dU.lfL2YOTFUDJBPIPw7wmNqbczVi.DuPBLJO_L4jqNFdHMV.Na8Ktmt8Y8dlPyN9Hp93Di3aO O01UX.yJeQ903AG68AJtAgtx4uo1v7PhmR79CGFVRHkskM810SSIYU9JDDe9InJ6Vus1JvoGddBD Lpr.dLinUe0s7c6pAkJq7y3STIJraXcZTLjyCMIO98btdQvu937jpRAS36HjYUwZyRm8y7rXaM4Z BNXyVNehfZY4Xyi7BTSaXoBq7zY3grHcib0byMDWXVFd7TMgXCCWUPUz0ppU7oPRNwyoP5_uffk8 U_4uiBD3b1DELZu4OMIKaWxOwa.hIQFr_QW7P3CajWwMpaCjTI0sNjKMmwhd0OXEmQl.EjD5t1Zn S.fy8wenDE9Y4PG8h9esDOSMkCRcBDKU5CW50Ti3fookVLLQG8IViaL8qAyFI40dPHqgwqj1LEFt yu5xhXr7xRRWo906M7G45PSBPVPld3ZuCwAi48ba.gPm1SC4_57NjP_Wy_EtPFSXrnjTQj8pi2Ns pv_WkVQuyosaKZ3zFP8A8U2AiIx0dQI4vRN0Jnl15fkxEsw9PY4e.juIGor2F9GX8j1D5m94.iU6 rVEMFen3dDg.jQbWDePPsww.wGfm8e0q_3sQuMa_Uvez1bWjd6Abq5h2H23TOoXNSGql4VA_O0u5 lFxBegDxnSJIrvz88k02la3lnh0dyMe0eXJbTfXGqQ5CU11nE.mTezRw2h6rvFXfdNv9hecHMRI_ Yb7hcQdbbstcLXZ5nl9fT1U8tll_P4pjRfhIP7kN.nn4T8WTwNrE8uiddPKmjj_XEPL0NIlhMS6c XLQRmQ2ksavDDyqmCNEC626aXhNIb3u6ezpzawgH3h1xbNIBtQvZ3LLcpki8TpG363nQD9yJIbN6 MXtjxQSdSq4mr7LFFyCK7MadtsGlkSIGGDwXYKBXaQ0Nr3DGlcI9nk6TfWIXAlM.LBc.Ny9.cWXF l.GYET70JLp6d8aOYTqBu6jEnlQOLXIjD2KGDVjlmAKKd9zNstCqM2UfMgbJHg6E_IRK4g8gxaF4 e94enOVR_IJxoF2kedDtR7gysYhWhBcvaGd8mpYhSLjaFBsDrrXX0zHG5Go1bKVUB.58BJ68m.1X P2ygrAOpiUOIh.7GCfB6pQafAcVo9z25.nCzC5dhHxRDbr8RoGAUWl0M_ZS.IP9qqzM2HC8lWOkB npIzoUUTRy7PdEX9S98UfQlyCg9lG3.ZQ43FVR5YAkWsfIEwck_.t4hnWFrUOdm6JVaJL3ShSttF Y_61JF2uSVc_NBudPLEW9CUIp1auIjb6x1mRHrD1TM95FlYlQ17GNKZUz_j3iPIJCIICAJ.JgN_2 a_rZmqK1wNCaXzq3p2IEL6FlEc0p4RPf2HVZ4yPKW8XOKhVEYW2N2VKoDGzgCFw7m_Su61rZNt9r DTr6YXkjDJzmZ73qKx5TS4z7uorlTtbP2UiQAhGwSWocNKcNE5J4orke.1OLXUnKUYwzQMhlCKWd UncKoYY1.5RITz0pVVyNSpFEYpyW0jG72.JjGqxexh5DjDluz3i3E0hlEzKjqPvi2e2r4pMH2bpv 8ZNoIJoppwCeq0Qefu50uhKyy5_.2E_cMiDXuHPR0cHuXRJkeoeHjICCtuLgAt9Z8QgYq3jdyYXT pjIZPJ8f4ipgbCOQ5VvaTvLsGFOYefsCL9CBbOFpIn.iHhYvpPdSIt6yfDKPenDkK6m8nC_8w9b2 XzPUjTqloFCNVVLgBuM3KZlK8sKiuZNUkCb43yqJj3DR631iijkYMGCFF5R3yxSSqRjY7Nl3rLw- -
X-Sonic-MF: <marknoumea@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic317.consmr.mail.bf2.yahoo.com with HTTP; Sat, 20 Mar 2021 06:45:53 +0000
Received: by smtp410.mail.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 355788b6c59d3b92161def8dd65ea566; Sat, 20 Mar 2021 06:45:48 +0000 (UTC)
To: hrpc@irtf.org
References: <CAN1qJvA_ONSNqk_Am6z6SASHO63eObaYMRVMY4cHR6XzPskGqg@mail.gmail.com> <988c1a1b-97a4-bccc-f991-7f51f760c088@cis-india.org> <CAN1qJvC2jPSJuawePyH5DO9xvqWLnUUAzFu8tWBzfkntQBEO6Q@mail.gmail.com> <5f706893-5ccf-a6ad-353e-1f64241e9978@yahoo.com> <91F738F9-3570-423A-8240-F3CB18EA25C8@istaff.org> <CAN1qJvCVMc9E1LaXBD8yENxH+0aWPFt7UqCLDS2CDp8Edrbaxw@mail.gmail.com> <114c3a3a-5b03-28d7-ee05-dc96d2351301@nielstenoever.net> <333c8a96-e7eb-2821-f70c-da2e1b52178f@yahoo.com> <77e7853c-8c31-5aab-ef25-cc5e0f0930cb@nielstenoever.net>
From: Mark Perkins <marknoumea@yahoo.com>
Message-ID: <84dec326-813a-ef10-cb50-14cb0da4b2da@yahoo.com>
Date: Sat, 20 Mar 2021 17:45:42 +1100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
MIME-Version: 1.0
In-Reply-To: <77e7853c-8c31-5aab-ef25-cc5e0f0930cb@nielstenoever.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: fr
X-Antivirus: Avast (VPS 210319-10, 20/03/2021), Outbound message
X-Antivirus-Status: Clean
X-Mailer: WebService/1.1.17936 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Apache-HttpAsyncClient/4.1.4 (Java/11.0.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/WpUTQAVW0h2ZdQJBcKyVW9FZYNg>
Subject: Re: [hrpc] My suggestion for the attribution paragraph
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Mar 2021 06:45:59 -0000

Hi & thanks Niels

If this replacement can be done great- can we see how that will look?

If we can also insert the principle 'no right may be used to undermine / 
annul other rights', as per Gurshabad Grover's text regarding remedy 
(originally attribution) re privacy/anonymity/freedom of speech, then 
things would be excellent

Regards

Mark P.

Le 20/03/2021 à 10:04, Niels ten Oever a écrit :
> Excellent - so perhaps we should be dropping 'attribution' from the title and make a rewrite to focus on 'remedy'. I hope that will then fix the discussion.
>
> Would that approach make sense to you (specifically asking Mark, Farzaneh, and John :) )?
>
> Best,
>
> Niels
>
> On 19-03-2021 23:49, Mark Perkins wrote:
>> Niels
>>
>> I think that this could be a factor.
>>
>> A few points;
>>
>> Attribution (whichever meaning) does not equal remedy
>>
>> Attribution is an argument many governments are using against anonymity (India)  and end to end encryption (EU)
>>
>> Banks ensure payments over Internet via apps rather than underlying protocol; even on their proper network (ATM), payments are assured by law rather than protocol (given that banks had a poor track record...)
>>
>> 'Baking' attribution in at protocol level to aid with 'remedy' I fear will undermine the very human rights it is meant to help - something that human rights law is explictly opposed to (no right may be used to undermine / annul other rights)
>>
>> While I am opposed to including 'attribution', I understand that this may be a minority position; if it is included I think the paragraph should be much more nuanced, including the problems mentioned by myself  others
>>
>> Mark P.
>>
>> Le 20/03/2021 à 02:57, Niels ten Oever a écrit :
>>> Might it be that the discussion arises from the way attribution is used within the cybersecurity debate? Because here it has a very different meaning.
>>>
>>> Best,
>>>
>>> Niels
>>>
>>> On 19-03-2021 16:24, farzaneh badii wrote:
>>>> We have raised the problem of cherry-picking in previous papers when criticizing the approach of HRPC, but in this case I don't think cherry-picking is involved. Your framing [attribution results in or can help with legal remedy] is problematic because it brings jurisdictional issues to this document. What legal remedy, based on which law? I heard that people were saying we are not trying to bring one set of legal systems into the discussion. And it's not even clear how you can create a direct link between attribution and legal remedy. Access to legal remedy in the human rights law field does not mean that a private protocol developer helps victims or law enforcement with gathering evidence! Help with gathering evidence does not result in legal remedy. Access to legal remedy is much more nuanced than that.
>>>>
>>>> I think we just did not discuss this issue carefully for the past couple of years. We didn't have legal experts and human rights law experts that could analyze this in depth and give us their perspective. I am very concerned about including this paragraph. I tried to help with revising it so it is not that I want to stop progress but as I have said, this paragraph can be potentially against human rights more than for it.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Farzaneh
>>>>
>>>>
>>>> On Tue, Mar 16, 2021 at 9:20 AM John Curran <jcurran@istaff.org  <mailto:jcurran@istaff.org>> wrote:
>>>>
>>>>       Mark -
>>>>
>>>>       The fact that protocol support for attribution is important to support some human rights (i.e. the right to legal remedy)
>>>>       but poses important concerns regarding potential implications for other rights would seem to me to argue more strongly on the need for its inclusion in the guidelines rather than its omission, However, I’ll admit that I haven’t done direct protocol development in more than two decades and lacking as I am in recent first-hand experience, I'll leave it to this group to decide as it deems best.
>>>>
>>>>       All I do ask is that the IETF document be accurate regarding scope – i.e. if there is a determination to omit inclusion of some human rights from the guidelines because they are inconvenient, then the document should clearly indicate that it provides guidelines for _select_ human rights (and this would also suggest that the language "this is by no means an attempt to exclude specific rights or prioritize some rights over others. If other rights seem relevant, please contact the authors.” should probably be struck.)  I think this would be major step backward (and do not recommend such an approach), but see no other way to address your concerns about the potential risk to inexperienced protocol developers being led astray by the inclusion of the right to legal remedy.
>>>>
>>>>       Thanks,
>>>>       /John
>>>>
>>>>
>>>>>       On 11 Mar 2021, at 4:27 PM, Mark Perkins <marknoumea=40yahoo.com@dmarc.ietf.org  <mailto:marknoumea=40yahoo.com@dmarc.ietf.org>> wrote:
>>>>>
>>>>>       An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise.
>>>>>
>>>>>       MP>> This is exactly my fear, excepting that I disagree that "that ship has sailed", and am still not sure that consensus has been reached on this issue...
>>>>>
>>>>>       Mark P.
>>>>>
>>>>>       Le 12/03/2021 à 05:34, farzaneh badii a écrit :
>>>>>>       Thank you Gurshabad,
>>>>>>
>>>>>>       Yes this is fine, though I would have removed "may.. be" from the following sentence and replace it with "is".
>>>>>>       attribution on an individual level [may] *is not [*be] consistent with those particular human rights.  and would have removed individual from "i.e. mechanisms in protocols or architectures
>>>>>>       that are designed to make communications or artifacts attributable to acertain computer*or individual)*"
>>>>>>
>>>>>>       I can't think of a text that captures Mallory's suggestion right now but I am not insistent on further changes to be applied. So don't want to hold you back.
>>>>>>       All good and thank you for your hard and excellent work.
>>>>>>
>>>>>>
>>>>>>       An annoying P.S.: just for the record I hope this paragraph does not encourage protocol developers to design protocols that can attribute certain action to an individual or lead to identification of people. I hope it doesn't legitimize attribution using protocols, with no accountability or checks and balances. Attribution features can be abused. I still don't think attribution should have been included at all, but that ship has sailed. So, I compromise.
>>>>>>
>>>>>>
>>>>>>
>>>>>>       Farzaneh
>>>>>>
>>>>>>
>>>>>>       On Thu, Mar 11, 2021 at 1:00 PM Gurshabad Grover <gurshabad@cis-india.org  <mailto:gurshabad@cis-india.org>> wrote:
>>>>>>
>>>>>>           Thanks, Farzaneh.
>>>>>>
>>>>>>           I was referring to these suggestions (which came through well to my mail
>>>>>>           at least), which I mostly incorporated. I realised from your chat
>>>>>>           messages during hrpc today that you were highlighting the importance of
>>>>>>           removing the reference to 'law enforcement agencies'. Taking that and
>>>>>>           the recent suggestions into account, would this text be fine?
>>>>>>
>>>>>>           """
>>>>>>           Question(s): Can your protocol facilitate a negatively impacted party's
>>>>>>           right to the appropriate remedy without disproportionately impacting
>>>>>>           other parties' human rights, especially their right to privacy?
>>>>>>
>>>>>>           Explanation: Attribution (i.e. mechanisms in protocols or architectures
>>>>>>           that are designed to make communications or artifacts attributable to a
>>>>>>           certain computer or individual) may help victims of crimes in seeking
>>>>>>           appropriate remedy.  However, attribution mechanisms may impede the
>>>>>>           exercise of the right to privacy.  The Special Rapporteur for Freedom of
>>>>>>           Expression has also argued that anonymity is an inherent part of freedom
>>>>>>           of expression. [Kaye] Considering the adverse impact of attribution on
>>>>>>           the right to privacy and freedom of expression, enabling attribution on
>>>>>>           an individual level may not be consistent with those particular human
>>>>>>           rights.
>>>>>>           """
>>>>>>
>>>>>>           On a finer point: I do not think that it is appropriate to remove 'the
>>>>>>           right to remedy' from the 'Impacts' section, because it is precisely
>>>>>>           what this section about (regardless of the final position it takes).
>>>>>>
>>>>>>           -Gurshabad
>>>>>>
>>>>>>
>>>>>>           On 3/11/21 11:19 PM, farzaneh badii wrote:
>>>>>>           > Seems like the suggestion I made did not come through because I
>>>>>>           > strike-through
>>>>>>           > Screen Shot 2021-03-11 at 12.44.34 PM.png
>>>>>>           >  that didn't appear on the mailing list archive so I took a screenshot
>>>>>>           > of the changes I suggested which is attached.
>>>>>>           >
>>>>>>           > I will rewrite it here.
>>>>>>           > Farzaneh
>>>>>>           >
>>>>>>           > _______________________________________________
>>>>>>           > hrpc mailing list
>>>>>>           >hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>>>>>           >https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>>>>>           >
>>>>>>
>>>>>>
>>>>>>       _______________________________________________
>>>>>>       hrpc mailing list
>>>>>>       hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>>>>>       https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>>>>       <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>      Garanti sans virus.www.avast.com  <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>>>>
>>>>>       _______________________________________________
>>>>>       hrpc mailing list
>>>>>       hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>>>>       https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>>>       _______________________________________________
>>>>       hrpc mailing list
>>>>       hrpc@irtf.org  <mailto:hrpc@irtf.org>
>>>>       https://www.irtf.org/mailman/listinfo/hrpc  <https://www.irtf.org/mailman/listinfo/hrpc>
>>>>
>>>>
>>>> _______________________________________________
>>>> hrpc mailing list
>>>> hrpc@irtf.org
>>>> https://www.irtf.org/mailman/listinfo/hrpc
>>>>

-- 
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus

v2.23.0 | Report a Bug | By Email