Re: [hrpc] Censorship

Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 14 March 2022 15:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/aH3riNY2ynbJb0eMuePIKAQdzb8>

Hi,

[Still employed, still not speaking for them.  This note is too long.
I didn't have time to write a short one.]

On Mon, Mar 14, 2022 at 08:53:11AM +0000, Jens Finkhaeuser wrote:
>
>What this tells me is the mechanisms for "cutting off" parts of the Internet must exist, as a self-defense measure.

There are lots of network-operational reasons for one network not to
speak to another part of the network.  This is true both at the level
of particular applications and at the level of the network itself.
The IAB published a document about this some time ago (I was on the
IAB that approved it): https://www.rfc-editor.org/rfc/rfc7754.txt

What I believe the sanctions statement is claiming is that there is a
legitimate category of blocklist that filters networks based on
political considerations related to who controls those target networks
or where they are located or something like that.  It may be claiming
(or it may be motivated by a belief even if it is not claiming) that
not _every_ such filter is legitimate, but it does fundamentally
depend on granting the premise that it is sometimes legitimate to
institute such a filter.  This is perhaps a subclass of RFC 7754
section 3.2 bullet 2 or bullet 3, but I tend to think it is a category
that 7754 didn't actually consider fully.  To be clear, I do not grant
the premise that it is ever legitimate to block networks on such
political grounds (I find the very premise to be a mistake) but I
want to take the argument seriously in its own terms.

It is not reasonable in my opinion to claim such filters are
"self-defense", at least in the network sense.  They are, rather, an
attempt to use one economic good (connectivity) to cause other kinds
of political change.

I claim in my prior note to this list that such a weaponization[1] of
the Internet appears to be bad for freedom of association.  I would
claim further that, to the extent such weaponization is mandatory
under some government policy, it is an abridgement of that freedom by
that government.

>We seem to be discussing things here, however, as if those mechanisms were the exact same thing as legally mandating their use.
>

When one uses a term that is currently widely used to denote
government-imposed restrictions on trade and other economic activities
at the risk of fine and imprisonment, one should not be surprised when
other people interpret one's intent as supporting legal mandates.

>3.  A blocklist implemented to defend against attacks is often necessary (and we see this mechanism in firewall rules, spam filtering, etc. everywhere), and definitely not censorship; it's self-defense.
>

This is, as I argue above, insufficiently nuanced analysis for the
purposes to which it is being put.  I would suggest that the framework
in RFC 7754 section 4 offers a better mechanism for undertaking the
evaluation of any of the proposed blocklists.  Here is how I'd do it:

	• Any blocklist sufficient to achieve the political goals of the
	blocklist will automatically need to be large in scope (section
	4.1.1), because there are many networks that would inevitably be
	affected.  The sanctions statement is either naïve or disingenuous
	when it proposes limiting its effects only to military or
	propaganda targets: an army that invades another country, bombing
	hospitals along the way, is hardly likely to cavil at the thought
	of using a supposedly-civilian network for its purposes.  In
	addition, because of considerations of efficacy, either the
	blocklist would be totally ineffective or else it would rapidly
	grow and splinter the Internet very badly.

	• Any blocklist sufficient to achieve the political goals of the
	blocklist would be low in granularity (section 4.1.2), largely for
	the same reasons above.  When cutting off networks completely, one
	affects every use from within that network.

	• Any blocklist sufficient to achieve the political goals of the
	blocklist would need to block not only the networks that are
	directly implicated in the undesirable political operations of the
	target, but also any network that provided communication to those
	networks.  That is the only way the blocklist could be efficacious
	(section 4.1.3).  This would entail serious consequences for the
	very idea of the Internet.  It might be politically unacceptable
	to do such damage to the Internet, in which case the blocklist
	would have low efficacy and would really be a symbolic gesture.  A
	symbolic gesture seems all but guaranteed to be useless (and
	unsatisfying to those who want the desired political effect).

	• Any blocklist likely to be proposed would probably have negative
	consequences for security (section 4.1.4) given the realities of
	how the X.509 certificate system works.  In particular, since
	even the most granular blocklist would doubtless cover certain
	government sites, those sites would not be able to obtain their
	certificates through usual means. This will inevitably cause the
	target government authorities to issue their own CAs that are to
	be trusted for communication with the government. Given that the
	working theory behind the blocklist is that said government is not
	benevolent (otherwise it would presumably not be a target for
	sanction), there are good reasons to doubt that such a CA would
	secure communications in the ways one might desire.

In sum, there are two possibilities.  In one case, the blocklist will
be overbroad and have negative consequences for ordinary citizens, and
therefore fails the sanctions statement's principle, "Disconnecting
the population of a country from the Internet is a disproportionate
and inappropriate sanction."  As I argued in my previous post, such a
blocklist protocol would have negative consequences for the right of
freedom of association.  Alternatively, the blocklist will be too
small to be effective, and so fails the statement's principle,
"Ineffective sanctions waste effort and willpower and convey neither
unity nor conviction."  Such a blocklist and its associated protocol,
if required by law, would _still_ have negative effects for freedom of
association, because it would prevent some networks who might want to
connect to other networks from making those connections. And of
course, if the regime were totally voluntary then it would likely be
ignored, and the foreign policy preferences of the governments that
desired to use economic sanctions would not be implemented at all (but
that branch of the logic seems to me off-topic for this RG, so I won't
consider it further here).

[1] What we today call sanctions were called, at the time of their
adoption as a tool of the League of Nations, "the economic weapon".
See Mulder, Nicholas, _The Economic Weapon: The Rise of Sanctions as a
Tool of Modern War_. New Haven: YUP, 2022.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com