IETF Logo Mail Archive

Re: [hrpc] My suggestion for the attribution paragraph

John Curran <jcurran@istaff.org> Sun, 21 March 2021 14:34 UTC

Return-Path: <jcurran@istaff.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBE4D3A0BAB for <hrpc@ietfa.amsl.com>; Sun, 21 Mar 2021 07:34:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5IPG--ervR-y for <hrpc@ietfa.amsl.com>; Sun, 21 Mar 2021 07:34:39 -0700 (PDT)
Received: from mx1.wiredblade.com (mx1.wiredblade.com [162.216.242.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D5A73A0BA8 for <hrpc@irtf.org>; Sun, 21 Mar 2021 07:34:38 -0700 (PDT)
Received: from [10.0.0.48] (c-73-128-235-203.hsd1.md.comcast.net [73.128.235.203]) by mx1.wiredblade.com with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ; Sun, 21 Mar 2021 14:34:36 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: John Curran <jcurran@istaff.org>
In-Reply-To: <9998c4f7-6ef2-b0c1-6b40-7dbb42857f8e@nielstenoever.net>
Date: Sun, 21 Mar 2021 10:34:35 -0400
Cc: hrpc@irtf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A8563A9-3C99-44B5-85A5-411D600FBC57@istaff.org>
References: <CAN1qJvA_ONSNqk_Am6z6SASHO63eObaYMRVMY4cHR6XzPskGqg@mail.gmail.com> <988c1a1b-97a4-bccc-f991-7f51f760c088@cis-india.org> <CAN1qJvC2jPSJuawePyH5DO9xvqWLnUUAzFu8tWBzfkntQBEO6Q@mail.gmail.com> <5f706893-5ccf-a6ad-353e-1f64241e9978@yahoo.com> <91F738F9-3570-423A-8240-F3CB18EA25C8@istaff.org> <CAN1qJvCVMc9E1LaXBD8yENxH+0aWPFt7UqCLDS2CDp8Edrbaxw@mail.gmail.com> <9998c4f7-6ef2-b0c1-6b40-7dbb42857f8e@nielstenoever.net>
To: Niels ten Oever <mail@nielstenoever.net>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/rxEs0Ahp0w9qhsmy8IYW0smRGeY>
Subject: Re: [hrpc] My suggestion for the attribution paragraph
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2021 14:34:45 -0000

On 19 Mar 2021, at 11:52 AM, Niels ten Oever <mail@nielstenoever.net> wrote:
> 
> Your framing [attribution results in or can help with legal remedy] is problematic because it brings jurisdictional issues to this document.
> 
> It is a core component of the UN Guiding Principles for Human Rights. This is not necessarily part of jurisdiction. Remedy does not necessarily need to be offered by a state.

Agreed - remedy doesn’t necessarily have to be offered by a state, or even be “legal remedy” per se.   However, when an individual suffers harm as a result of communications and has no ability to attribute the harm to the specific perpetrator, it’s fairly clear that their options for legal remedy may be reduced as a result. 

Does a reduction in ability to obtain legal remedy (due to lack of attribution) against someone who has harmed you in communications result in a reduction in your access to human rights?  I’m not immersed in the vernacular of human rights practitioners, but it seems apparent that lack of attribution can readily reduce one’s access to legal remedies. 

> I heard that people were saying we are not trying to bring one set of legal systems into the discussion. And it's not even clear how you can create a direct link between attribution and legal remedy. Access to legal remedy in the human rights law field does not mean that a private protocol developer helps victims or law enforcement with gathering evidence!

There is no assertion in the least that support for “gathering evidence” is required.  Rather, inclusion of the attribution capability (and the potential impact on ability to obtain legal remedies when it is not present) suggests that protocol designers might want to give some thought to what other technical measures are provided to help ameliorate harm to users when relying on legal recourse isn’t an option.   Email is a fine example - it’s clear that we lack attribution for most actors in the email space – and thus recourse from harm through tradition law enforcement or civil litigation is rather limited – but we’ve come up with an entire ecosystem for providing various degrees of sender assertion, reputation systems for bulk solicitation protection, etc. 

To some extent, social media networks are doing the very same thing - their lack of true attribution to legal identify of users isn’t necessary “right” or “wrong”, but does mean it is worth giving some thought to how users address harms suffered, as the lack of attribution prevents users as a practical matter from pursuing legal remedies.

Thanks,
/John

p.s.  Disclaimer:  my views alone (no one else would claim them anyway ;-)

v2.23.0 | Report a Bug | By Email