Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)
Niels ten Oever <mail@nielstenoever.net> Wed, 12 June 2019 10:39 UTC
Return-Path: <mail@nielstenoever.net>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A24B12008D for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:39:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLXzAoIc1Wd6 for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:39:09 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 281CC12007A for <hrpc@irtf.org>; Wed, 12 Jun 2019 03:39:08 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mail@nielstenoever.net>) id 1hb0eI-0003Kw-WC; Wed, 12 Jun 2019 12:39:05 +0200
To: Amelia Andersdotter <amelia@article19.org>, John Curran <jcurran@istaff.org>
Cc: hrpc@irtf.org
References: <155989623088.20255.12181969220178709616@ietfa.amsl.com> <C550D5BC-8062-4C58-8CEC-B82B2798C1D9@istaff.org> <71b7350e-cb75-aba1-1717-50d1069531b1@nielstenoever.net> <B8D9823F-2D42-42DF-AE8A-6E67532DA4D1@istaff.org> <d66b60ab-3aaa-d45d-3f47-d2c00f89119d@article19.org>
From: Niels ten Oever <mail@nielstenoever.net>
Openpgp: preference=signencrypt
Autocrypt: addr=mail@nielstenoever.net; prefer-encrypt=mutual; keydata= mQINBFgpcR0BEACnfvNwTMlN+pyZT0AFYhWqxG3N4AoPIeNfbxLQH7dk8ZL7Ls05xtORfnu9 ovoaRrZpDufkMviUFidNYePbQNdgf63vWVgwpQR7utluwWraetcmZOu6tayJuyBK2b6d2Z23 MJAQxfa2/GMlN3QkvobaoyKtgbc8rOCgNla7WwkgtiVJ89xbAUHXPFpKWZluVRjaFh4p5C5r 7E5OvUiEGLQ5Cn2ir2PGIyIVqjB+hLTyaI6dIGCz2jtL0RATjmsmYUX7UkU/pz8MPPC2BJ5P KU9pdXMRBhAStxcph8vCo2ze9xSi3+1/5A2ULVtvO4s0hZ+exbTfMxMg3H5CCRFEEJXlQEXa Cd0ZHvqcv5xq8n9w/Ccd0CqYWATIwyP8Jlzd+BY3QGTWnWlgoAbs3Guh/pFYhEFNuuAF5Jk1 k5OlNGsRE/LQJmbT5SE7AtLJLbWewcHlEyIH+K6J8uVa4ExLXmRy+eRkFaxjGy3fLlUpy1Ee 1kU7VsQ/TZ8g8ujsMzxqsdB6y0TD/kVlWaDqPL6F+b+pm3lAuCBGWM1YZROTG58R6pD7sNVm i0ift4dIttAsg+2KoShm9A8kQ3tACXZDgNPC0l7VOqnVayjnF0RmjGeiX7PjOcLQCZ9a5wAH 5mrXMaKvfszqAVkP9HSrk1QVZOipF6vEimL43Czy7Rp1aUaUwwARAQABtChOaWVscyB0ZW4g T2V2ZXIgPG1haWxAbmllbHN0ZW5vZXZlci5uZXQ+iQJZBBMBCABDAhsjBQkJZgGABwsJCAcD AgEGFQgCCQoLBBYCAwECHgECF4AWIQQkWAtwXEr9ipSIZDoO2D86RorIswUCWyJaFgIZAQAK CRAO2D86RorIs8I2D/wNc4kT+dRC3Y9lSygeVWuxNj21z/QlbNvfXx9NicgBx4uCjsCm0ZhS 6qnp0uHYZYr8rdIzrL3GazyEuG9uvNzZBvIHm92UY1x0NH0TOVbGwJCWKULStvg9S+DjmNgp x8XM9amCtuXZyCiESeoOVRUanzD1JIidJtKgDfxvC63kqYoXl3azP0ra2nZbpktMm2fW5YdN D6kp6otjBH/jtpLay1CpVDS2Ehl3rLXJVUu96hlBnQB8q+64qyhTZ23HnbU+ib5Zb3OFgYoB KHjukJ4tV4x9rQprCQeirKX627vcNniDPnMp/nr9Qww6iVidX2vsG/22cx8MqLfs4B9tOVCJ Ft9D7MOwxOWgKnaYvrPZBOEmnuGq7btQe1tQZukL1Z83jKkV/e43k1gJaRt4Nl3/6YYCAlnn aQwRmySxznojsEl+X41UaJ6QFcoCphucOHoO9MeVzuNzgOgodXXEvlA8OJAqxRbE5AqB0leJ z1PfyrF1lsy8ETPRGKUKPBVed1vpZCQBfd/5RksOYBGhyfQ8p0w0hGs8SG6Xl6UtorJ+baLZ ZtnYbakfroxQBsF4bD/0P4fZ8wvTUDNLT8WN/9KFoTXrKn2pTLD+V9iw6nQAH4LSPw0G8XsL ce3Ihkf/2bvorGCUO7YXG4u6FPzEHsa/ZNfWHA5kbpGfwe2OVYNeI7kCDQRYKXEdARAAxYOE 3/AFmEfQ0SVVFujYFhZKX+BGXolYytC2a1soZogVYTIIlypxkRtN+ljteFAY3xX/El7cx5Fx j+uXvLKAm9xQRI/DCug7/NGULMk9bDK5bzSGw817cyiL5Kb+0RkWj2Y5ArOAK6XPGBZWZTHw yIawsSCN9AhDXZQWVRqkR1QXcq3IYKl+OHWMO7+1VfixCSakNf7T/Kiq46rQEPW8Eghk6CVO BR8xUCBbyk5aRW4VSGO6pUD3H21ur+5fTLsVyan1NHhxNNiXfnEJKr+JI5dXSkj7WqA5n8IT aNdFSAttkdT56wAQpxE2h8zaOmBaFUWQ4D8SdXDVymP5QMtLG+ItMMiNV6kXgsRFugAKM5yZ tPP9gIX+ic8QO5iuct37bRXJU/rmrH54Ab0kyAeeRE7oSsfTZPKvgtUh7VLAUEw/wy6TORJH E8JMaX0yYT6h4PGRS3mNM4bka8hjdfcrexI0zSqFOl2I22zQlG3YqSzIvVh98W67hxfAIaCV aTfJLFPEru3drxNwi6ogdkRmcLGKqqTgeYItrvITyFvzqbrcO2exp0KKEK3cDIZypqHHUf4+ uPlDtuExehLsNOMpjP8qhZpFtyLeDS07qunbvstcyvR30wOJ3DyAbHGzq739UyDcO9Jt5jwO DyVwk3MK5Em4pJ0+IAJx+F6gta0Bk2MAEQEAAYkCJQQYAQgADwUCWClxHQIbDAUJCWYBgAAK CRAO2D86RorIs0ykD/4t151SZG9MbeKRVKbs9Ecjady9bO0L3oBos4rhqY12ha8smFlsUzvb gB4CtkBuXQlq+plOBWv+rFEThOzy3bezgEDjlxycoO1W2wJD6E7Fo9fkHT6UOm9fQBkuKRqK 83OGnfM02qP1Ky8d7EoZz+nTSMf/DJgWw1YRKrXkMHBwKD83lCENsmePWE5AjMqk8cojPv9O y1wWy6fHjwx3r+wQSokBNfxgQyAFonmgBbhlic/pZUYRSIcldyUlaomrjFfr4egzmNE7aWDv LwOUYKevBIeJJcqTyfAn3TtJbPCEHOC2+lP6EcmPFyhQdiia+RqOClumqbWOPeQ2VM8j7NWv KKmBNBB5OJ/rmHogbNU+wWPJ723qMBoOp1jIwFNkQhx01W6v55VMwLr+IuBKY1ggJ2BhwQiG pWv4tMc5oB/qVh3my1VO65ErcJ3S9blpwJdDj5/YDOU7BKEmpRUP+xkaryNzH2x7FzrOOHzJ BX6jeYZabGvnTicQlBAzfGpblFqV3YN6EhCF2AHmGLTZ/DrjGYToIsW8cXlEMqN4u8ODEUY0 OhbnytnopKJKk99bwMoCqDkfQvT3LKDWtZj9NzFndfuoKXsVpwAitrG0mau0/16DKDyVWdtJ 9DYmtE40zO6g70VVxUj+dKt2hbJTy/KQTb7Ijhw7wZrGp/P7nhbVyA==
Message-ID: <aaa7bbd7-fe9d-7b23-ede0-b42675330c42@nielstenoever.net>
Date: Wed, 12 Jun 2019 12:38:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <d66b60ab-3aaa-d45d-3f47-d2c00f89119d@article19.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Authenticated-As-Hash: f1842a279235a42f6aa2a2a81130733515c5a4ec
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: 01ccc3eb840dc35651f50b798cb06ae8
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ewaWnE1BEKwVbn13xMWbjKS4AeU>
Subject: Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 10:39:12 -0000
On 6/12/19 12:13 PM, Amelia Andersdotter wrote: > On 2019-06-11 17:43, John Curran wrote: >> >> A very interesting question… I was not so much advocating for a >> particular set of norms regarding attribution, but simply some >> recognition that protocol/architecture design decisions can impact the >> ability to attribute communications and thus can hinder exercise of >> rights (such as legal remedy) when attribution is necessary for >> exercise of same. >> > The conflict is, I guess, even weedier. Anonymity is a human right, and > can be crucial for freedom of expression, whistleblowing or criticism. > So we might have to do a deeper dive into the attribution vs anonymity. > I don't think anonymity is a human right in itself; the UDHR and ICCPR do not address it, but anonymity can be an important precondition for people to exercise their freedom of expression. https://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx > Normally, human rights are obligations on governments and duties on > companies to respect individuals. The attribution problem, however, > seems to me to arise when governments or companies find that individuals > have not respected their rights, or when individuals have not respected > other individuals. Because the attribution problem in this sense occurs > in a "reverse setting" (individual -> individual or individual -> > government/company settings rather than government/company -> individual > settings), I'd be cautious to include it in RFC8280. > This is why I thought it might make sense to institute attribution vis a vis corporate actors, which could subsequently be the vocal point for legal action. This could work as: accountability for the powerful, and protection for the individual. Happy to discuss! Best, Niels > best regards, > > Amelia > > >> While I think that much more dialogue would be necessary to understand >> if there is indeed an widely-accepted set of norm that should be used >> for protocol assessment in this area, your point regarding legal >> entity attribution vs natural persons is well taken, and might be >> raised in the mind of a potential protocol designer (or reviewer) by >> the addition of an additional question, as follows: >> >> Question(s): Does your protocol/architecture prevent attribution >> of those parties >> involved in communication, and can the protocol readily be used >> for communication >> which harm the security of recipient? What, if any, mechanisms >> within the protocol >> or architecture are provided for a recipient of communications >> to obtain redress >> from communication which causes harm? If no such mechanisms >> available, does >> the protocol/architecture provide sufficient information >> attributing the source of >> communication to facilitate a recipient exercising their right >> to legal remedy? >> /*If attribution to a natural person is not available, does the >> protocol/architecture*/ >> /* provide any mechanisms*//* for *//*obtaining contact >> information for a legal entity*/*/ /* >> */ responsible /**/(or /**/representing /**/those responsible) >> for the /*/*communication?*/ >> >> >> This raises the very pragmatic point that attribution to natural >> persons is not necessarily a >> desirable outcome, but that some consideration of alternative >> mechanisms for attribution >> may still facilitate exercise of the "legal remedy" human right. >> >> Thoughts? >> /John >> >> p.s. (Disclaimer: my views alone - no one else is foolish enough to >> claim them! ;-) >> >> >> >> >> >> _______________________________________________ >> hrpc mailing list >> hrpc@irtf.org >> https://www.irtf.org/mailman/listinfo/hrpc > > -- Niels ten Oever Researcher and PhD Candidate DATACTIVE Research Group University of Amsterdam PGP fingerprint 2458 0B70 5C4A FD8A 9488 643A 0ED8 3F3A 468A C8B3
- [hrpc] I-D Action: draft-irtf-hrpc-guidelines-03.… internet-drafts
- Re: [hrpc] I-D Action: draft-irtf-hrpc-guidelines… Gurshabad Grover
- [hrpc] Protocol/Architecture consideration of Att… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… Niels ten Oever
- Re: [hrpc] Protocol/Architecture consideration of… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… Amelia Andersdotter
- Re: [hrpc] Protocol/Architecture consideration of… Niels ten Oever
- Re: [hrpc] Protocol/Architecture consideration of… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… farzaneh badii
- Re: [hrpc] Protocol/Architecture consideration of… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… Ted Lemon
- Re: [hrpc] Protocol/Architecture consideration of… farzaneh badii
- Re: [hrpc] Protocol/Architecture consideration of… farzaneh badii
- Re: [hrpc] Protocol/Architecture consideration of… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… John Curran
- Re: [hrpc] Protocol/Architecture consideration of… bzs
- Re: [hrpc] Protocol/Architecture consideration of… Pranesh Prakash