Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)

Niels ten Oever <mail@nielstenoever.net> Mon, 10 June 2019 14:46 UTC

Return-Path: <mail@nielstenoever.net>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2B2A120199 for <hrpc@ietfa.amsl.com>; Mon, 10 Jun 2019 07:46:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5V-IpaC24Jkw for <hrpc@ietfa.amsl.com>; Mon, 10 Jun 2019 07:46:41 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E471B12006A for <hrpc@irtf.org>; Mon, 10 Jun 2019 07:46:40 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mail@nielstenoever.net>) id 1haLYl-0001OD-Cj for hrpc@irtf.org; Mon, 10 Jun 2019 16:46:37 +0200
To: hrpc@irtf.org
References: <155989623088.20255.12181969220178709616@ietfa.amsl.com> <C550D5BC-8062-4C58-8CEC-B82B2798C1D9@istaff.org>
From: Niels ten Oever <mail@nielstenoever.net>
Openpgp: preference=signencrypt
Message-ID: <71b7350e-cb75-aba1-1717-50d1069531b1@nielstenoever.net>
Date: Mon, 10 Jun 2019 16:46:06 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <C550D5BC-8062-4C58-8CEC-B82B2798C1D9@istaff.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Authenticated-As-Hash: f1842a279235a42f6aa2a2a81130733515c5a4ec
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: d40e2d9e04d28df092fb73f3743f8c9c
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ggA4VpdwLnHtZuPScqwgpcX5WNg>
Subject: Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2019 14:46:44 -0000


On 6/9/19 9:36 PM, John Curran wrote:
> On 7 Jun 2019, at 4:30 AM, internet-drafts@ietf.org wrote:
>>   This document sets guidelines for human rights considerations in
>>   networking protocols, similar to the work done on the guidelines for
>>   privacy considerations [RFC6973].  This is an updated version of the
>>   guidelines for human rights considerations in [RFC8280].
> 
> Folks - 
> 
> The draft notes that the human right of legal remedy (recourse before competent tribunal for violations of other fundamental rights) may be relevant when evaluating impacts of a protocol/architecture, but does not presently show any example of a relationship within the various consideration sections.  
> 
> I would note that, encouraged by the operator community, the IETF has previously considered possible impacts that various architecture & protocols can have on this human right – as effective legal remedy often requires attribution in order to determine applicable law and jurisdiction and protocols/architectures can significantly preclude attribution.  For an example of IETF consideration of one such consideration, see BCP162/RFC6302 ("Logging Recommendations for Internet-Facing Servers") that provides logging recommendations to facilitate better endpoint attribution during abuse and public safety queries.
> 
> It is not necessary for draft-irtf-hrpc-guidelines to reflect the potential for protocols/architectures to impact the human right of legal remedy, but I believe that omitting any reference will result in a guide for conducting HR reviews which is incomplete, and not reflect the understanding already present in the community that there are indeed tradeoffs in human right tradeoffs being made in protocol design – hopefully tradeoffs that consider the overall intent of the IETF to have an Internet which supports effective exercise of the rights of freedom of expression and association.
> 
> To that end, I’d suggest adding the following section on "Attribution" to the present list of considerations used during protocol assessment.
> 
> Thanks!
> /John
> 
> ===
> 
> 3.3.n  Attribution
> 
>    Question(s): Does your protocol/architecture prevent attribution of those parties 
>    involved in communication, and can the protocol readily be used for communication
>    which harms the security of the recipient?  What, if any, mechanisms within the protocol 
>    or architecture are provided for a recipient of communications to obtain redress
>    from communication which causes harm?  If no such mechanisms are available, does 
>    the protocol/architecture provide sufficient information attributing the source of 
>    communication to facilitate a recipient exercising their right to legal remedy? 
> 
>    Explanation: While anonymity and pseudonymity are very important attributes 
>    for protecting several human rights (e.g. those related to freedom of expression 
>    and association),  it is also possible for parties to use communication capabilities
>    to harm others.  Protocols/architectures should consider the potential for harm in
>    their use, the architectural mechanisms available to mitigate this risk of harm, the 
>    protocol properties that might impact persons exercising their right of legal remedy,
>    and the resulting impact to individuals' right of security of person when using the 
>    protocol. 
> 
>    Impacts:
> 
>    -  Right to security 
> 
>    -  Right to legal remedy

This is quite an interesting proposal, and one that I would not oppose. But maybe I could suggest some granularity that is inspired by the current WHOIS discussions. Perhaps we can seek to provide attribution vis a vis responsible legal entities, and protection vis a vis natural persons?

This would for instance provide LEAs with a point of contact that they can approach with a warrant (for instance AS contact), but protect natural persons.

Would this make sense?

Cheers,

Niels


> 
> ===
> 
> Disclaimer: my views alone (and no intention to harm the security of others thru this communication) 
> 
> 

-- 
Niels ten Oever
Researcher and PhD Candidate
DATACTIVE Research Group
University of Amsterdam

PGP fingerprint	   2458 0B70 5C4A FD8A 9488  
                   643A 0ED8 3F3A 468A C8B3