Re: [hrpc] I-D Action: draft-irtf-hrpc-political-05.txt

[Niels ten Oever <mail@nielstenoever.net>]

On 9/21/19 4:13 PM, Eric Rescorla wrote:
>> Niels ten Oever via ietf.org <http://ietf.org>
>>
>> 6:10 AM (48 minutes ago)
>>
>> to hrpc
>>
>>
>> On 9/21/19 3:32 AM, Eric Rescorla wrote:
>> >    Whereas there might not be agreement among the Internet protocol
>> >    community on the specific political nature of the technological
>> >    development process and its outputs, it is generally agreed that
>> >    standards and protocols are both products of a political process, and
>> >    they can also be used for political means.
>> >    
>> > I would like to register my agrement with Andrew and focus in on this
>> > one point: there are many protocols (in fact, by count probably most
>> > protocols) which are just designed by proprietary organizations.  It's
>> > not clear on what basis you are claiming that they are the output of
>> > political processes and this certainly doesn't seem like something
>> > that's generally agreed.
>>
>> Aren't proprietary standards, and the way they make it possible and
>> impossible to do certain things, a prime example of a political
>> process and political impact?
> 
> Well, I don't think without stretching the term "political" outside
> of the point where saying something is political is trivial, no,
> I don't think so.
> 
> Again, let's take the example of SSL, which was designed by Netscape
> for its own market purposes and became a de facto standard because
> Netscape had the dominant browser and people wanted to interoperate
> with it. What's poltical about that process?
> 
> 

There are several political aspects about this, we had for instance text in a previous version that read about dominance and de facto standards:

   Within economy studies, _de facto_ standards arise in market
   situations where one entity is particularly dominant; downstream
   competitors are therefore tied to the dominant entity's technological
   solutions [Ahlborn].  Under EU anti-trust law, _de facto_ standards
   have been found to restrict competition for downstream services in PC
   software products [CJEU2007], as well as downstream services
   dependent on health information [CJEU2004].

Another interesting aspect that SSL introduced were of course certificate authorities, that served as trust anchors, which is ultimately defining trusted authorities. 

SSLv2 was introduced as open standard (while v1 was not), which of course was also quite a change, I reckon I don't need to elaborate on the politics of licensing in this audience. 

> 
>> > I certainly agree that they "can be used"
>> > for political means, though any "can" statement is pretty weak.
>> >
>>
>> If we can document *that*, we would have made a lot of progress in
>> the IETF imho.
> 
> I don't know anyone disagrees with that. 

Great. But I meet them at every IETF meeting, and it is brought up very regularly in discussion.

> But in any case, demonstrating
> that doesn't require hauling in the theoretical apparatus you
> are trying to deploy here, but rather requires *history*. I.e.,
> demonstrate that the process of developing some set of standards
> involved the political process of balancing the objectives of
> the various stakeholders, finding compromise, etc. Given that
> every IETF standards development process I have ever been involved in
> has had some of this, that doesn't seem hard. As a non-IETF example
> "The Box", a history of the shipping container, has a nice description
> of the standardization of that technology.
> > 
>> > This is even true at some level for many standards, especially
>> > because your definition of "standard" is so expansive:
>> >
>> >    Standards  'A standard is an agreed-upon way of doing something or
>> >       measuring something.'  [Sisson]
>> >
>> > By this definition I think it would be pretty hard to argue that
>> > SSLv2,  and SSLv3 weren't standards given their wide use, even
>> > though they were just designed by people at one company.
>>
>> I don't see how that definition would make that impossible.
> 
> I'm not sure I understand your response here. Are you saying that
> protocols defined by one company and that then achieve wide use
> are standards, or they are not?
> 

SSLv2 and SSLv3 were standards because people agreed that they were the standard? For something to be a standard it does not need to be a formal process to accept them as such. 

>> > Another
>> > example would be the Philips screwdriver head. What's the political
>> > process that produced these?
>> >
>> >
>>
>> The patenting of process by Henry F. Philips, the regimes under
>> which is was patented, its competition with other screw heads (torx,
>> etc). There is an enormous amount of politics, and societal ordering
>> connected with screws.
> 
> Again, this just seems to serve to make the definition of "political"
> meaningless. By this definition, what human commercial activity
> would *not* be political, as it all occurs against a political
> backdrop.
> 

A transaction can be political, but of course does not need to be. (Trans)action, such as standards, that change the market, are political activities. 


> 
>> > More generally, it seems like depending on how one interprets the
>> > major claims in this document, they are either too strong (all
>> > protocol and standards development is political)
>>
>> Why is that too strong?
> 
> For the reasons I indicated above: I don't think the development
> of many protocols, especially the small ones which get use internally
> as in, for instance, mobile apps, is generally political, And sometimes
> becoome standards and that's not necessarily political either.
> 
> 
>> > or trivial (some
>> > protocol and standards development is political). The first is too
>> > strong for the reasons I indicate above,
>>
>> I don't think so, but I am happy to discuss.
>>
>> and the second seems pretty
>> > obvious and doesn't really need much theorizing;
>>
>> As said, I think it would be very useful if we would document this,
>> so we don't need to repeat the discussion.
> 
> Well, I'm not sure it matters if we repeat this discussion or
> even come to a conclusion on it. What's at stake in the answer?
> 
> But, again, if you want to demonstrate that standards development
> can be political -- which, as I said, is a rather weak claim --
> then I would discard this document and instead focus on documenting
> the history of the development of some protocols that was clealr
> political.
> 
> 

As you know, what this draft meant to do, is to document a discussion so it doesn't need to be repeated in the study of every different protocol.

We could paste in a lot of examples here, for instance some of the review of the human rights review team. But the discussion in 4.5 might be enough?

>>
>> > one needs just point
>> > to the development of some protocol which was a political process, and
>> > it seems like that's been pretty amply documented for a number of
>> > protocols/standards (e.g., HTTP/2 or TLS 1.0).
>> >
>> > As I noted above, the claim that protocols can be used for political
>> > means also seems relatively obvious (cf. Tor).
>>
>> I am happy to conclude that we agree on the two statements:
>>
>> - some protocol and standards development is political
>>
>> and
>>
>> - protocols can be used for political means
> 
> Well, I don't think this document demonstrates that, it's just
> conclusory.  To the extent to which we think these statements are
> actually in debate and need demonstrating, then I would, as I said,
> focus on demonstrating them with reference to actual standards
> rather than by referring to other people's views about these
> statements. I would think 3-5 of each of these should be sufficient
> (though of course logically one alone is sufficient to prove
> existence, but several is more convincing)
> 

Again, the document seeks to document existing positions in the community and provide background in existing literature on the topic, that could then be a platform for further work. 

For instance on specific drafts, and or specific tendencies (based on case studies, quantitative models, etc).

Best,

Niels





>          
>> That's progress for me in this discussion. Now let's see if we can
>> further flesh out:
>>
>> - all protocol and standards development is political
> 
> I think what would help at this point that would be for you to
> describe some commercial activities that you think are *not*
> political.
> 
> -Ekr
> 
> 

-- 
Niels ten Oever
Researcher and PhD Candidate
DATACTIVE Research Group
University of Amsterdam

PGP fingerprint	   2458 0B70 5C4A FD8A 9488  
                   643A 0ED8 3F3A 468A C8B3