Re: [hrpc] Censorship
Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 14 March 2022 15:11 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E50A23A0A62 for <hrpc@ietfa.amsl.com>; Mon, 14 Mar 2022 08:11:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=aq41gbYA; dkim=pass (1024-bit key) header.d=yitter.info header.b=WsSOaEbr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PMdZcJq-eKDk for <hrpc@ietfa.amsl.com>; Mon, 14 Mar 2022 08:11:48 -0700 (PDT)
Received: from mx5.yitter.info (mx5.yitter.info [159.203.31.152]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2813D3A0A90 for <hrpc@irtf.org>; Mon, 14 Mar 2022 08:11:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx5.yitter.info (Postfix) with ESMTP id 13E84BD5C5 for <hrpc@irtf.org>; Mon, 14 Mar 2022 15:11:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1647270676; bh=pQgX6CnlckjO4ZfE9xXdAfa8C8DYa7+YcnwX29Mtz5I=; h=Date:From:To:Subject:References:In-Reply-To:From; b=aq41gbYAbvLYBu9W9w4oc3+gTBD4sGqdDxvCglGv8oQuZ0S1KB4EhtqaodY6WJy79 Jo0dBmaXSMT8SZsWiYXxKoXxP4LKyqf/Vp29YJf97yPknQIesRtUnJTX7OGPCFnwzg W4/ESo497OisBurqqKYaYabvIpgSAblcu5RzSHhs=
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx5.yitter.info ([127.0.0.1]) by localhost (mx5.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jlU3u6et1gpv for <hrpc@irtf.org>; Mon, 14 Mar 2022 15:11:13 +0000 (UTC)
Date: Mon, 14 Mar 2022 11:11:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1647270673; bh=pQgX6CnlckjO4ZfE9xXdAfa8C8DYa7+YcnwX29Mtz5I=; h=Date:From:To:Subject:References:In-Reply-To:From; b=WsSOaEbr0T5e0MlV5Dgw6H5cVDNo+S+NJs425Rl+Y4sdbU82pKnGgaOUYnTDg/YQP xHIMfKFOCYnnC+ilv0x08cZRcgefFlvJucFxbDeqJ+CK1Jr7dMEUbGSJ+MI97zg9Dx xv5TaEI5sujPp+pi7vzhYyNFPABqutZ2AE22+wpI=
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: hrpc@irtf.org
Message-ID: <20220314151111.eird5poe2scjoywn@crankycanuck.ca>
Mail-Followup-To: hrpc@irtf.org
References: <1779273019.188450.1647022617139@appsuite-gw2.open-xchange.com> <AF3A93BB-04A7-4E5F-B88A-CD441369874E@nohats.ca> <1bf024c5-9044-f806-9ce9-7a3377045f48@lear.ch> <25132.19040.388723.228805@gargle.gargle.HOWL> <B41A8BB3-BBF3-4D53-A14D-E1CE4BC782DF@pch.net> <20220313214033.rysyxmydzda2v3kw@crankycanuck.ca> <DgjJ0pvzPp-nRdnSldzL0wBJfaVS74YhB-k_2rln_6ucqpbfaVYynous2WNiSrd2uZ26kaBCYfL8WauDvRvD6WYVePDWrm8zpxSfgd6BRzM=@interpeer.io>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <DgjJ0pvzPp-nRdnSldzL0wBJfaVS74YhB-k_2rln_6ucqpbfaVYynous2WNiSrd2uZ26kaBCYfL8WauDvRvD6WYVePDWrm8zpxSfgd6BRzM=@interpeer.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/aH3riNY2ynbJb0eMuePIKAQdzb8>
Subject: Re: [hrpc] Censorship
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Mar 2022 15:11:54 -0000
Hi, [Still employed, still not speaking for them. This note is too long. I didn't have time to write a short one.] On Mon, Mar 14, 2022 at 08:53:11AM +0000, Jens Finkhaeuser wrote: > >What this tells me is the mechanisms for "cutting off" parts of the Internet must exist, as a self-defense measure. There are lots of network-operational reasons for one network not to speak to another part of the network. This is true both at the level of particular applications and at the level of the network itself. The IAB published a document about this some time ago (I was on the IAB that approved it): https://www.rfc-editor.org/rfc/rfc7754.txt What I believe the sanctions statement is claiming is that there is a legitimate category of blocklist that filters networks based on political considerations related to who controls those target networks or where they are located or something like that. It may be claiming (or it may be motivated by a belief even if it is not claiming) that not _every_ such filter is legitimate, but it does fundamentally depend on granting the premise that it is sometimes legitimate to institute such a filter. This is perhaps a subclass of RFC 7754 section 3.2 bullet 2 or bullet 3, but I tend to think it is a category that 7754 didn't actually consider fully. To be clear, I do not grant the premise that it is ever legitimate to block networks on such political grounds (I find the very premise to be a mistake) but I want to take the argument seriously in its own terms. It is not reasonable in my opinion to claim such filters are "self-defense", at least in the network sense. They are, rather, an attempt to use one economic good (connectivity) to cause other kinds of political change. I claim in my prior note to this list that such a weaponization[1] of the Internet appears to be bad for freedom of association. I would claim further that, to the extent such weaponization is mandatory under some government policy, it is an abridgement of that freedom by that government. >We seem to be discussing things here, however, as if those mechanisms were the exact same thing as legally mandating their use. > When one uses a term that is currently widely used to denote government-imposed restrictions on trade and other economic activities at the risk of fine and imprisonment, one should not be surprised when other people interpret one's intent as supporting legal mandates. >3. A blocklist implemented to defend against attacks is often necessary (and we see this mechanism in firewall rules, spam filtering, etc. everywhere), and definitely not censorship; it's self-defense. > This is, as I argue above, insufficiently nuanced analysis for the purposes to which it is being put. I would suggest that the framework in RFC 7754 section 4 offers a better mechanism for undertaking the evaluation of any of the proposed blocklists. Here is how I'd do it: • Any blocklist sufficient to achieve the political goals of the blocklist will automatically need to be large in scope (section 4.1.1), because there are many networks that would inevitably be affected. The sanctions statement is either naïve or disingenuous when it proposes limiting its effects only to military or propaganda targets: an army that invades another country, bombing hospitals along the way, is hardly likely to cavil at the thought of using a supposedly-civilian network for its purposes. In addition, because of considerations of efficacy, either the blocklist would be totally ineffective or else it would rapidly grow and splinter the Internet very badly. • Any blocklist sufficient to achieve the political goals of the blocklist would be low in granularity (section 4.1.2), largely for the same reasons above. When cutting off networks completely, one affects every use from within that network. • Any blocklist sufficient to achieve the political goals of the blocklist would need to block not only the networks that are directly implicated in the undesirable political operations of the target, but also any network that provided communication to those networks. That is the only way the blocklist could be efficacious (section 4.1.3). This would entail serious consequences for the very idea of the Internet. It might be politically unacceptable to do such damage to the Internet, in which case the blocklist would have low efficacy and would really be a symbolic gesture. A symbolic gesture seems all but guaranteed to be useless (and unsatisfying to those who want the desired political effect). • Any blocklist likely to be proposed would probably have negative consequences for security (section 4.1.4) given the realities of how the X.509 certificate system works. In particular, since even the most granular blocklist would doubtless cover certain government sites, those sites would not be able to obtain their certificates through usual means. This will inevitably cause the target government authorities to issue their own CAs that are to be trusted for communication with the government. Given that the working theory behind the blocklist is that said government is not benevolent (otherwise it would presumably not be a target for sanction), there are good reasons to doubt that such a CA would secure communications in the ways one might desire. In sum, there are two possibilities. In one case, the blocklist will be overbroad and have negative consequences for ordinary citizens, and therefore fails the sanctions statement's principle, "Disconnecting the population of a country from the Internet is a disproportionate and inappropriate sanction." As I argued in my previous post, such a blocklist protocol would have negative consequences for the right of freedom of association. Alternatively, the blocklist will be too small to be effective, and so fails the statement's principle, "Ineffective sanctions waste effort and willpower and convey neither unity nor conviction." Such a blocklist and its associated protocol, if required by law, would _still_ have negative effects for freedom of association, because it would prevent some networks who might want to connect to other networks from making those connections. And of course, if the regime were totally voluntary then it would likely be ignored, and the foreign policy preferences of the governments that desired to use economic sanctions would not be implemented at all (but that branch of the logic seems to me off-topic for this RG, so I won't consider it further here). [1] What we today call sanctions were called, at the time of their adoption as a tool of the League of Nations, "the economic weapon". See Mulder, Nicholas, _The Ecomomic Weapon: The Rise of Sanctions as a Tool of Modern War_. New Haven: YUP, 2022. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [hrpc] Censorship Vittorio Bertola
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Vittorio Bertola
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Eliot Lear
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Eliot Lear
- Re: [hrpc] Censorship S Moonesamy
- Re: [hrpc] Censorship avri
- Re: [hrpc] Censorship Stephen Farrell
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Stephen Farrell
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Stephen Farrell
- Re: [hrpc] Censorship Bill Jouris
- Re: [hrpc] Censorship Jens Finkhaeuser
- Re: [hrpc] Censorship Vittorio Bertola
- Re: [hrpc] Censorship Paul Wouters
- Re: [hrpc] Censorship Eliot Lear
- Re: [hrpc] Censorship Mallory Knodel
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship bzs
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Bill Jouris
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship farzaneh badii
- Re: [hrpc] Censorship Paul Wouters
- Re: [hrpc] Censorship Paul Wouters
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship Andrew Sullivan
- Re: [hrpc] Censorship bzs
- Re: [hrpc] Censorship bzs
- Re: [hrpc] Censorship Jens Finkhaeuser
- Re: [hrpc] Censorship Bill Woodcock
- Re: [hrpc] Censorship S Moonesamy
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship Andrew Sullivan
- [hrpc] draft-irtf-hrpc-association (was Re: Censo… Andrew Sullivan
- Re: [hrpc] draft-irtf-hrpc-association (was Re: C… Niels ten Oever
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship Andrew Sullivan
- Re: [hrpc] Censorship Jens Finkhaeuser
- Re: [hrpc] ***SPAM**** Re: Censorship Stephen Farrell
- Re: [hrpc] Censorship bzs
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] ***SPAM**** Re: Censorship Mallory Knodel
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] ***SPAM**** Re: Censorship Bill Woodcock
- Re: [hrpc] Censorship Mallory Knodel
- Re: [hrpc] ***SPAM**** Re: Censorship Mallory Knodel
- Re: [hrpc] ***SPAM**** Re: Censorship Niels ten Oever
- Re: [hrpc] Censorship farzaneh badii
- Re: [hrpc] ***SPAM**** Re: Censorship Eliot Lear
- Re: [hrpc] Censorship Andrew Sullivan
- Re: [hrpc] ***SPAM**** Re: Censorship Mallory Knodel
- Re: [hrpc] ***SPAM**** Re: Censorship Melinda Shore
- Re: [hrpc] Censorship Stephen Farrell
- Re: [hrpc] ***SPAM**** Re: Censorship Eliot Lear
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship Niels ten Oever
- Re: [hrpc] Censorship farzaneh badii
- Re: [hrpc] Censorship Desiree Miloshevic
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship S Moonesamy
- Re: [hrpc] Censorship Desiree Miloshevic
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship S Moonesamy
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship Alexandre Petrescu
- Re: [hrpc] Censorship S Moonesamy
- Re: [hrpc] RIPE Cooperation Working Group Remote … Alexandre Petrescu