Re: [hrpc] HRPC recharter

[Andrew Sullivan <ajs@anvilwalrusden.com>]

Dear colleagues,

I work for the Internet Society, but this is only my opinion.

On Thu, Dec 22, 2022 at 12:30:39PM -0500, Mallory Knodel wrote:

>The recharter text is available in GitHub [1] where you can view a 
>diff [2]. It is also in a plaintext format with more visual 
>indications of where the changes have been made [3].

I had a look at this.  I have some thoughts.

First, while I initially thought I understood the purpose of the change, I guess I wonder whether the expansion of the scope keeps the RG properly inside an IRTF area of work.  RFC 2014 says, "The IRTF focuses on longer term research issues related to the Internet," and also, "These groups work on topics related to Internet protocols, applications, architecture and technology."  It seems to me at least possible that "policy" is not actually included in that scope, and that attempting to include it has a faint air of circularity about it: drawing (or at least implying) a conclusion about the purported subject of the research rather than doing research necessary to show the conclusion.

My worry about that is perhaps illustrated by this proposed addition to the charter:

	Moreover it is widely accepted that technical design decisions
	about the Internet are not value neutral [RFC3935] and can have
	lasting impacts on public policy and individual rights.

First of all, I doubt that reading is actually supported by the plain text of RFC 3935.  Second, I don't know whether that claim is in fact widely accepted (BCPs represent at best IETF consensus at their publication, not consensus of the world).  Third, even if it were, that might be a reason to treat it as a research question rather than anything else.  After all, in some quarters the distinctions among the Internet, the web, and Facebook are at least obscure, but I should hope we don't think that shows the identity of Facebook and the Internet.

But perhaps what makes me most uneasy is this research question:

	How are human rights and public interest policy considered in the
	development of the Internet?

The objective in the original charter, however large (and regardless of how well the RG constrained itself to that objective), seemed to me to be at least bounded.  But in the above question, we have several terms that strike me as so large in scope as to give the RG the scope to talk about essentially anything at all.

For instance, I have no idea where "public interest policy" begins or ends in relation to the development of the Internet.  Some have argued, only recently, that there is a public interest in ensuring the ability of governments to intervene in what they regard as harmful content traversing networks within their jurisdictions, for instance, and that therefore a set of identity mechanisms entirely foreign to TCP/IP needs to be built into the core protocols the Internet uses.  Is that in scope under this charter proposal?  I think it is, but I think that would be weird.

There is, moreover, the very question of "how…is considered" works.  That strikes me as a rather large research project alone, involving anthropological, ethnographic, and maybe even psychological study of virtually any "development" (more on this below) of the Internet, whether that happens in open or closed fora and whether it is related to strictly technical, or strictly political, or other questions.

Finally, there is the question of what "development of the Internet" means.  I think it is plain that (say) Twitter was and is in at least some sense a "development of the Internet".  So are policies specifically related to so-called "online harms".  So is the hooking up of a vast number of largely unmanaged and mostly unsecured sensors and actuators, possibly without any effort at management.  So is the burgeoning centralization of services that is related at least in part to the preference of http(s) over other protocols and at least in part to industrial policy trends that took hold (especially in so-called developed economies) starting around 1980.  So is the emergence of TLS 1.3 into an environment where nightly builds and frequent updates were the norm.  So is the development of QUIC as a standards effort brought to a standards development organization after a period of incubation in a single firm.  And so, of course, is the development of techniques to secure DNS queries and responses from the eyes of (some set of) third parties to the protocol operation.  That seems like a pretty large scope, and it makes me uncomfortable to suggest that a single RG could really have such a scope.

Finally, there is some discussion within the thread that I think may explain where some of this tension is coming from.  I believe that the RG has often functioned as much as a rallying point for a rough set of positions about the Internet, and the advocacy of those positions.  In many cases, I may even agree with those positions.  But it is obscure to me what the research question is in such cases.  I often felt that such advocacy discussions were not really within the scope of the RG, and I felt these things often enough that even if other duties had not absorbed me I imagine I would have drifted away from interest in this RG.  Widening the scope as I have outlined above might have the desired effect of placing such advocacy activities within the RG scope.  But as I said at the outset, I am not too convinced that such activities properly belong in the IRTF.

>the group was chartered the first time. Additionally I think there is 
>value in the group name and its charter text being written so as to 
>explicitly attract researchers and research that discuss policy, as a 
>"place to land" in the IETF/IRTF.

I think there is pretty grave danger, if the "P" is to be recycled to mean "policy", in blurring the distinction between the IETF and IRTF the way the above does.  There are really very good reasons why policy as such is often regarded as out of place in IETF discussions.  This RG has argued I think (though not to my mind always persuasively) that in at least some cases some policy choices are unavoidable.  But in a standards development organization, it is still correct for the standards development to select the policy space in which a protocol will operate, and then leave to operators and so forth the decisions about "how the knobs will be set".  This is why the RFC 2119 "SHOULD" isn't supposed to be morally hortatory, but technically so.  That is, it is supposed to be used not as, "This is a good thing to do," but instead that there are quite possibly interoperation harms from failing to do the thing so specified and so an implementation had better understand that.  Now, it might well be appropriate for the Internet Protocol Ethics Research Group to come up with the moral imperatives for how a protocol ought to be deployed, but I don't think a technical standards development organization can properly tackle that job.  Therefore, I'd urge those rechartering to avoid thinking of this as implicating the IETF in any sense at all.  The IRTF doesn't have that power.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com