IETF Logo Mail Archive

Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)

Amelia Andersdotter <amelia@article19.org> Wed, 12 June 2019 10:14 UTC

Return-Path: <amelia@article19.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C9D120137 for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WVizJPQj1cDF for <hrpc@ietfa.amsl.com>; Wed, 12 Jun 2019 03:14:17 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B5D21200FA for <hrpc@irtf.org>; Wed, 12 Jun 2019 03:14:17 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <amelia@article19.org>) id 1hb0GE-0007AB-ND; Wed, 12 Jun 2019 12:14:13 +0200
To: John Curran <jcurran@istaff.org>, Niels ten Oever <mail@nielstenoever.net>
Cc: hrpc@irtf.org
References: <155989623088.20255.12181969220178709616@ietfa.amsl.com> <C550D5BC-8062-4C58-8CEC-B82B2798C1D9@istaff.org> <71b7350e-cb75-aba1-1717-50d1069531b1@nielstenoever.net> <B8D9823F-2D42-42DF-AE8A-6E67532DA4D1@istaff.org>
From: Amelia Andersdotter <amelia@article19.org>
Openpgp: preference=signencrypt
Autocrypt: addr=amelia@article19.org; prefer-encrypt=mutual; keydata= mQINBFjWlnsBEAC+jUN+LJE+mmxEL8lHSrvg47xSBMb9GdtH1Jr8tRSxXiO6R5E+FydsfqkL sjO0dI3x/VnNBi/kgPFFWiAzDEwGTiR/C9b/Muo+xrY+it6e49N56LTPGezrY2dy5yo6VcLl 7UwGz3fIWiNIj7dvuoPMBoO1uacF073E+dqDM5CmNh6o+OrHW8zhUlC9hKgXCq+8XpZJw90H un1zsHF0sRDiurjfYaCcbdAGK9+th9378ed1ZvLVo5uBVQXdydl3eJkNCOELq7VOS7oxSliA uX5/nj9A4LjeeYXgNbwGfKrMjlffP0FcAcgfzg9seqDd1DEk9EVaUMTr32fbWOQHjinXSC7r Lw4xaNfoBebIe1M6z16Xg7+bXXCTdmJYcL9ugmkvT6tGnR12Pfoca1oBwXPvA0VIRi86kCSU D9qvZ3Vl07MKD2hsvFkGZJOQfEaYv5QLpCWv6RCjfDNC05IyMeSW4H18Fr/BoHX8FXHV3+9H LsbJQ/Zrofd/Cm+TKEmXLAtYc7iXvzV+mw3/u0VYqjEy/CRYa62Ah0NNNVIuswfRVIfx3UZo jX4y8j2Kh0jtUV5A4GGf8H3SzQ/cB0I7wTRHU9mCPVCtH6M26nPumL4Zr4D6uGnAmPf9xnlX lokOn2Qxf/mBldsL41PDbEpYhZvvn5kJ/Z9Qh7Fks/hfTbbJowARAQABtEFBbWVsaWEgQW5k ZXJzZG90dGVyIChUZWNobmljYWwgY29uc3VsdGFudCkgPGFtZWxpYUBhcnRpY2xlMTkub3Jn PokCVAQTAQgAPhYhBD1dtsq4UrmIBVpqb/7xwpS06AtVBQJZbJ97AhsjBQkJZgGABQsJCAcC BhUICQoLAgQWAgMBAh4BAheAAAoJEP7xwpS06AtVgrcQAJYg+mhDhui+9xNb9PuRJbelOI7J WlCjSycfaMi+rTJ9FjVKYIE9aug2VV486BZaeqMoOh5wjl61oeRTDHYG6HvhK4w8O/BVPsL0 8MEfYfpFevZmBsInEJypg0r7VJ/SeO9UyaFKUffgvLyiYwk7zJIgx5dHF5Vch0kTtRNc/Wbe 9MGfhl//1Ztl8GjGqzra7MwzaO12ctTDo7LIvXGqrpYm5g7+hRv3+KYVOJvlh4T4deAzNlX1 F/jj4cOYvJJxP2OMPZxoleQZSf63h0hWnKlQWX3UiUZY/M296V6niGDCQHX1q7oz9YWxwUun mNPltaPnTdvE51N98Q+hhrw39XowN0vYhfphaFNrf/crNKTB5Iqx62aAzYwqXQKlh6EtWAri 2rVB9vXxPv+1eL9t/Kga2JyCjmJVtYJxlZWceyW3EKjK+E7qjr1LHDFjV8ZbvN7QRTdjsuzR Ggz3ECba80Ij2/tASE8IXpT/Zb68NeSx3/nDXkIG13inSvGy8yNovzEADXsGO16GSx5Rool/ ECFhTYksMyM73FkvcpvXo6J+neyGEVKDx1Oy213KgTrAOrA+p2hMI2nX9sI5tvWms8XspwQ5 wtmzDribnZNQzpdrb45Chv56LjrKVer9tmraRq8Qe3mL6jXhMPWLim1OeAx6m3qBzKr3QxuG PdADCLHsuQINBFjWlnsBEADFjusaTo9W8VeWluCK/oJqyyyF1wMvou0ldfuoOpUZrOqsY67T M7yBqsv5COPVgAV+xp+axor5oHWxibd283w0Ok4dK6tvtNGwUqyDRlHtQ92DG/u4Tg5eOwrH NUn73/rfeBD9KhKAXcNKKPoccLgR8oQTXpO7eRo+0NI52pXQ6LdZ0wddYeTcHglsNKN1TK+C yYS7xfGolsZXXoBOKcyhfj/ckPFVIHWpGpEtcYWTZWvXgLprzHvpKzkzNyBwejaXE+bqCT2d Rl3omI/e2t3Vq33hFUUSAdxrFF29vMX/YsSnYqsFOIoayna+TRsDFAfZvbvHBOMckeJzvA8y Bdadw7CM08Uw8wqH7n9BA3oq//QpZJekPfrc2E9nM9H0d51T0uStLMbYDWdwxvfPA3p9z8L9 1vobt8bM/Jbhl9h+X2Yq9oBCiTI7b2izYd9FVG4BwBIdeh3bh9R9HExgRjF3XQ6uafT3pcVO PASdv9FRUYH1Va7QWQifoha0B7UXKx1OpX1Z6XR2NQ9KN2MvlwvBKdHtm6tBzUIFzW6D8vUO xiYKBA4fppJt/LJF4jsaCEyI/CVQnkC0yL5DKFOdigxTipwEL9Uc6r7VfR5OAGFd6vzuJFy+ j+/WhzaVT1oVYp6eQXh0bBtqqH2Mq9sAMnIjvaNYIKiQKgMa1Pa3OWQbQQARAQABiQI8BBgB CAAmFiEEPV22yrhSuYgFWmpv/vHClLToC1UFAljWlnsCGwwFCQlmAYAACgkQ/vHClLToC1Xn Rw//W4lzE8FddceKXGRwO/T1u4uzH9EjPCj+3/eHCrLI+h1m7QPyH1DrFAtZBoA6UoaF0+vI AJXM9/HI1FZ09EUdJr5X/+YREErFom4DbE1FK8fpK1/Hw2zI+7Xa8bVkmYrKhMGhi1Gq6Dtk sn/H4USdJL53ZPt10SVNK7H3w93Yp1GC4+0zWjfrsKfsHYZZr2SZyb5/gZlngfgaqiQLhIcP YmiU1GQi9QWkGxWRxk0YQXBwhekewvgltATxlRSCwguAi4uck9fAct9GGdpsshSOgAb9YIAn EV3EqaGnf0PknXp3vNHAZWrfM+RyuNdm2L5TjDU0rIrvyqGP3pR33cREGOAil5Sz2uFArmws Pt8VffbEXlf7qZqRBKaYeKt0qnxKMx1+e1JilVsfb8qtnAWAFDyR0HMlVj/dvGAmq/auPSOA UWRSnDRyT6rv/vXxrbkL4uxWax46qdpDhR15mS5MTng6b5b3Uox7xlveo/Sx71AdNf4goPvB /ntv0DiMuh+fmLGk3zrxs4Xd30Sx+qQwVaXR5xc5rgnF81wvfmuAOb2eP9mpD6DoabkpxC8f Lk17AK7Q1ZTgcZ+8XLRFnavdPrwCa9RU0BF53lJMSTPzyBcMwZ4sqA6Z5IRFVt7rEbSeeD8R Eiawo+FvVt9j0fKdNEBeaJ3WY5hlhNPcUXr4q1U=
Organization: ARTICLE19
Message-ID: <d66b60ab-3aaa-d45d-3f47-d2c00f89119d@article19.org>
Date: Wed, 12 Jun 2019 12:13:39 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <B8D9823F-2D42-42DF-AE8A-6E67532DA4D1@istaff.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US-large
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: 7cd323abaa3d0c03d168080f9b069a49
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/iQoBfKLJ69nHKPM_UpHnsPz5s-M>
Subject: Re: [hrpc] Protocol/Architecture consideration of Attribution & right of legal remedy (was: Re: I-D Action: draft-irtf-hrpc-guidelines-03.txt)
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2019 10:14:20 -0000

On 2019-06-11 17:43, John Curran wrote:
>
> A very interesting question…  I was not so much advocating for a
> particular set of norms regarding attribution, but simply some
> recognition that protocol/architecture design decisions can impact the
> ability to attribute communications and thus can hinder exercise of
> rights (such as legal remedy) when attribution is necessary for
> exercise of same. 
>
The conflict is, I guess, even weedier. Anonymity is a human right, and
can be crucial for freedom of expression, whistleblowing or criticism.
So we might have to do a deeper dive into the attribution vs anonymity.

Normally, human rights are obligations on governments and duties on
companies to respect individuals. The attribution problem, however,
seems to me to arise when governments or companies find that individuals
have not respected their rights, or when individuals have not respected
other individuals. Because the attribution problem in this sense occurs
in a "reverse setting" (individual -> individual or individual ->
government/company settings rather than government/company -> individual
settings), I'd be cautious to include it in RFC8280.

best regards,

Amelia


> While I think that much more dialogue would be necessary to understand
> if there is indeed an widely-accepted set of norm that should be used
> for protocol assessment in this area, your point regarding legal
> entity attribution vs natural persons is well taken, and might be
> raised in the mind of a potential protocol designer (or reviewer) by
> the addition of an additional question, as follows:
>
>       Question(s): Does your protocol/architecture prevent attribution
>     of those parties 
>       involved in communication, and can the protocol readily be used
>     for communication
>       which harm the security of recipient?  What, if any, mechanisms
>     within the protocol 
>       or architecture are provided for a recipient of communications
>     to obtain redress
>       from communication which causes harm?  If no such mechanisms
>     available, does 
>       the protocol/architecture provide sufficient information
>     attributing the source of 
>       communication to facilitate a recipient exercising their right
>     to legal remedy? 
>      /*If attribution to a natural person is not available, does the
>     protocol/architecture*/
>     /*  provide any mechanisms*//* for *//*obtaining contact
>     information for a legal entity*/*/ /*
>     */  responsible /**/(or /**/representing /**/those responsible)
>     for the /*/*communication?*/
>
>
> This raises the very pragmatic point that attribution to natural
> persons is not necessarily a 
> desirable outcome, but that some consideration of alternative
> mechanisms for attribution 
> may still facilitate exercise of the "legal remedy" human right.
>
> Thoughts?
> /John
>
> p.s. (Disclaimer: my views alone - no one else is foolish enough to
> claim them! ;-) 
>
>
>
>
>
> _______________________________________________
> hrpc mailing list
> hrpc@irtf.org
> https://www.irtf.org/mailman/listinfo/hrpc


-- 
Amelia Andersdotter
Technical Consultant, Digital Programme
Chair, RCM TIG, IEEE 802.11

ARTICLE19
www.article19.org

PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55

v2.23.0 | Report a Bug | By Email