IETF Logo Mail Archive

Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)

Niels ten Oever <mail@nielstenoever.net> Wed, 12 June 2019 10:39 UTC

Return-Path: <mail@nielstenoever.net>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A24B12008D for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLXzAoIc1Wd6 for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:39:09 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 281CC12007A for <hrpc@irtf.org>; Wed, 12 Jun 2019 03:39:08 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mail@nielstenoever.net>) id 1hb0eI-0003Kw-WC; Wed, 12 Jun 2019 12:39:05 +0200
To: Amelia Andersdotter <amelia@article19.org>, John Curran <jcurran@istaff.org>
Cc: hrpc@irtf.org
References: <155989623088.20255.12181969220178709616@ietfa.amsl.com> <C550D5BC-8062-4C58-8CEC-B82B2798C1D9@istaff.org> <71b7350e-cb75-aba1-1717-50d1069531b1@nielstenoever.net> <B8D9823F-2D42-42DF-AE8A-6E67532DA4D1@istaff.org> <d66b60ab-3aaa-d45d-3f47-d2c00f89119d@article19.org>
From: Niels ten Oever <mail@nielstenoever.net>
Openpgp: preference=signencrypt
Autocrypt: addr=mail@nielstenoever.net; prefer-encrypt=mutual; keydata= mQINBFgpcR0BEACnfvNwTMlN+pyZT0AFYhWqxG3N4AoPIeNfbxLQH7dk8ZL7Ls05xtORfnu9 ovoaRrZpDufkMviUFidNYePbQNdgf63vWVgwpQR7utluwWraetcmZOu6tayJuyBK2b6d2Z23 MJAQxfa2/GMlN3QkvobaoyKtgbc8rOCgNla7WwkgtiVJ89xbAUHXPFpKWZluVRjaFh4p5C5r 7E5OvUiEGLQ5Cn2ir2PGIyIVqjB+hLTyaI6dIGCz2jtL0RATjmsmYUX7UkU/pz8MPPC2BJ5P KU9pdXMRBhAStxcph8vCo2ze9xSi3+1/5A2ULVtvO4s0hZ+exbTfMxMg3H5CCRFEEJXlQEXa Cd0ZHvqcv5xq8n9w/Ccd0CqYWATIwyP8Jlzd+BY3QGTWnWlgoAbs3Guh/pFYhEFNuuAF5Jk1 k5OlNGsRE/LQJmbT5SE7AtLJLbWewcHlEyIH+K6J8uVa4ExLXmRy+eRkFaxjGy3fLlUpy1Ee 1kU7VsQ/TZ8g8ujsMzxqsdB6y0TD/kVlWaDqPL6F+b+pm3lAuCBGWM1YZROTG58R6pD7sNVm i0ift4dIttAsg+2KoShm9A8kQ3tACXZDgNPC0l7VOqnVayjnF0RmjGeiX7PjOcLQCZ9a5wAH 5mrXMaKvfszqAVkP9HSrk1QVZOipF6vEimL43Czy7Rp1aUaUwwARAQABtChOaWVscyB0ZW4g T2V2ZXIgPG1haWxAbmllbHN0ZW5vZXZlci5uZXQ+iQJZBBMBCABDAhsjBQkJZgGABwsJCAcD AgEGFQgCCQoLBBYCAwECHgECF4AWIQQkWAtwXEr9ipSIZDoO2D86RorIswUCWyJaFgIZAQAK CRAO2D86RorIs8I2D/wNc4kT+dRC3Y9lSygeVWuxNj21z/QlbNvfXx9NicgBx4uCjsCm0ZhS 6qnp0uHYZYr8rdIzrL3GazyEuG9uvNzZBvIHm92UY1x0NH0TOVbGwJCWKULStvg9S+DjmNgp x8XM9amCtuXZyCiESeoOVRUanzD1JIidJtKgDfxvC63kqYoXl3azP0ra2nZbpktMm2fW5YdN D6kp6otjBH/jtpLay1CpVDS2Ehl3rLXJVUu96hlBnQB8q+64qyhTZ23HnbU+ib5Zb3OFgYoB KHjukJ4tV4x9rQprCQeirKX627vcNniDPnMp/nr9Qww6iVidX2vsG/22cx8MqLfs4B9tOVCJ Ft9D7MOwxOWgKnaYvrPZBOEmnuGq7btQe1tQZukL1Z83jKkV/e43k1gJaRt4Nl3/6YYCAlnn aQwRmySxznojsEl+X41UaJ6QFcoCphucOHoO9MeVzuNzgOgodXXEvlA8OJAqxRbE5AqB0leJ z1PfyrF1lsy8ETPRGKUKPBVed1vpZCQBfd/5RksOYBGhyfQ8p0w0hGs8SG6Xl6UtorJ+baLZ ZtnYbakfroxQBsF4bD/0P4fZ8wvTUDNLT8WN/9KFoTXrKn2pTLD+V9iw6nQAH4LSPw0G8XsL ce3Ihkf/2bvorGCUO7YXG4u6FPzEHsa/ZNfWHA5kbpGfwe2OVYNeI7kCDQRYKXEdARAAxYOE 3/AFmEfQ0SVVFujYFhZKX+BGXolYytC2a1soZogVYTIIlypxkRtN+ljteFAY3xX/El7cx5Fx j+uXvLKAm9xQRI/DCug7/NGULMk9bDK5bzSGw817cyiL5Kb+0RkWj2Y5ArOAK6XPGBZWZTHw yIawsSCN9AhDXZQWVRqkR1QXcq3IYKl+OHWMO7+1VfixCSakNf7T/Kiq46rQEPW8Eghk6CVO BR8xUCBbyk5aRW4VSGO6pUD3H21ur+5fTLsVyan1NHhxNNiXfnEJKr+JI5dXSkj7WqA5n8IT aNdFSAttkdT56wAQpxE2h8zaOmBaFUWQ4D8SdXDVymP5QMtLG+ItMMiNV6kXgsRFugAKM5yZ tPP9gIX+ic8QO5iuct37bRXJU/rmrH54Ab0kyAeeRE7oSsfTZPKvgtUh7VLAUEw/wy6TORJH E8JMaX0yYT6h4PGRS3mNM4bka8hjdfcrexI0zSqFOl2I22zQlG3YqSzIvVh98W67hxfAIaCV aTfJLFPEru3drxNwi6ogdkRmcLGKqqTgeYItrvITyFvzqbrcO2exp0KKEK3cDIZypqHHUf4+ uPlDtuExehLsNOMpjP8qhZpFtyLeDS07qunbvstcyvR30wOJ3DyAbHGzq739UyDcO9Jt5jwO DyVwk3MK5Em4pJ0+IAJx+F6gta0Bk2MAEQEAAYkCJQQYAQgADwUCWClxHQIbDAUJCWYBgAAK CRAO2D86RorIs0ykD/4t151SZG9MbeKRVKbs9Ecjady9bO0L3oBos4rhqY12ha8smFlsUzvb gB4CtkBuXQlq+plOBWv+rFEThOzy3bezgEDjlxycoO1W2wJD6E7Fo9fkHT6UOm9fQBkuKRqK 83OGnfM02qP1Ky8d7EoZz+nTSMf/DJgWw1YRKrXkMHBwKD83lCENsmePWE5AjMqk8cojPv9O y1wWy6fHjwx3r+wQSokBNfxgQyAFonmgBbhlic/pZUYRSIcldyUlaomrjFfr4egzmNE7aWDv LwOUYKevBIeJJcqTyfAn3TtJbPCEHOC2+lP6EcmPFyhQdiia+RqOClumqbWOPeQ2VM8j7NWv KKmBNBB5OJ/rmHogbNU+wWPJ723qMBoOp1jIwFNkQhx01W6v55VMwLr+IuBKY1ggJ2BhwQiG pWv4tMc5oB/qVh3my1VO65ErcJ3S9blpwJdDj5/YDOU7BKEmpRUP+xkaryNzH2x7FzrOOHzJ BX6jeYZabGvnTicQlBAzfGpblFqV3YN6EhCF2AHmGLTZ/DrjGYToIsW8cXlEMqN4u8ODEUY0 OhbnytnopKJKk99bwMoCqDkfQvT3LKDWtZj9NzFndfuoKXsVpwAitrG0mau0/16DKDyVWdtJ 9DYmtE40zO6g70VVxUj+dKt2hbJTy/KQTb7Ijhw7wZrGp/P7nhbVyA==
Message-ID: <aaa7bbd7-fe9d-7b23-ede0-b42675330c42@nielstenoever.net>
Date: Wed, 12 Jun 2019 12:38:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <d66b60ab-3aaa-d45d-3f47-d2c00f89119d@article19.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Authenticated-As-Hash: f1842a279235a42f6aa2a2a81130733515c5a4ec
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: 01ccc3eb840dc35651f50b798cb06ae8
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ewaWnE1BEKwVbn13xMWbjKS4AeU>
Subject: Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 10:39:12 -0000

On 6/12/19 12:13 PM, Amelia Andersdotter wrote:
> On 2019-06-11 17:43, John Curran wrote:
>>
>> A very interesting question…  I was not so much advocating for a
>> particular set of norms regarding attribution, but simply some
>> recognition that protocol/architecture design decisions can impact the
>> ability to attribute communications and thus can hinder exercise of
>> rights (such as legal remedy) when attribution is necessary for
>> exercise of same. 
>>
> The conflict is, I guess, even weedier. Anonymity is a human right, and
> can be crucial for freedom of expression, whistleblowing or criticism.
> So we might have to do a deeper dive into the attribution vs anonymity.
> 

I don't think anonymity is a human right in itself; the UDHR and ICCPR do not address it, but anonymity can be an important precondition for people to exercise their freedom of expression. 

https://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx

> Normally, human rights are obligations on governments and duties on
> companies to respect individuals. The attribution problem, however,
> seems to me to arise when governments or companies find that individuals
> have not respected their rights, or when individuals have not respected
> other individuals. Because the attribution problem in this sense occurs
> in a "reverse setting" (individual -> individual or individual ->
> government/company settings rather than government/company -> individual
> settings), I'd be cautious to include it in RFC8280.
> 

This is why I thought it might make sense to institute attribution vis a vis corporate actors, which could subsequently be the vocal point for legal action. This could work as: accountability for the powerful, and protection for the individual.

Happy to discuss!

Best,

Niels


> best regards,
> 
> Amelia
> 
> 
>> While I think that much more dialogue would be necessary to understand
>> if there is indeed an widely-accepted set of norm that should be used
>> for protocol assessment in this area, your point regarding legal
>> entity attribution vs natural persons is well taken, and might be
>> raised in the mind of a potential protocol designer (or reviewer) by
>> the addition of an additional question, as follows:
>>
>>       Question(s): Does your protocol/architecture prevent attribution
>>     of those parties 
>>       involved in communication, and can the protocol readily be used
>>     for communication
>>       which harm the security of recipient?  What, if any, mechanisms
>>     within the protocol 
>>       or architecture are provided for a recipient of communications
>>     to obtain redress
>>       from communication which causes harm?  If no such mechanisms
>>     available, does 
>>       the protocol/architecture provide sufficient information
>>     attributing the source of 
>>       communication to facilitate a recipient exercising their right
>>     to legal remedy? 
>>      /*If attribution to a natural person is not available, does the
>>     protocol/architecture*/
>>     /*  provide any mechanisms*//* for *//*obtaining contact
>>     information for a legal entity*/*/ /*
>>     */  responsible /**/(or /**/representing /**/those responsible)
>>     for the /*/*communication?*/
>>
>>
>> This raises the very pragmatic point that attribution to natural
>> persons is not necessarily a 
>> desirable outcome, but that some consideration of alternative
>> mechanisms for attribution 
>> may still facilitate exercise of the "legal remedy" human right.
>>
>> Thoughts?
>> /John
>>
>> p.s. (Disclaimer: my views alone - no one else is foolish enough to
>> claim them! ;-) 
>>
>>
>>
>>
>>
>> _______________________________________________
>> hrpc mailing list
>> hrpc@irtf.org
>> https://www.irtf.org/mailman/listinfo/hrpc
> 
> 

-- 
Niels ten Oever
Researcher and PhD Candidate
DATACTIVE Research Group
University of Amsterdam

PGP fingerprint	   2458 0B70 5C4A FD8A 9488  
                   643A 0ED8 3F3A 468A C8B3

v2.23.0 | Report a Bug | By Email