[hrpc] new draft methodology

[Niels ten Oever <niels@article19.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Looking forward to the discussion! For a more readable format, check
here: http://digitaldissidents.org/draft-methodology.html

For changes I also accept pull requests at
https://github.com/nllz/IRTF-HRPC/blob/master/draft-methodology.md but
let's have the discussion on the list instead of on Github.

- ---
title: Human Rights Protocol Considerations Methodology
abbrev: hrpcm
docname: draft-varon-hrpc-methodology-01
category: info

ipr: trust200902
area: General
workgroup: Human Rights Protocol Considerations Research Group
keyword: Internet-Draft

stand_alone: yes
pi:
  rfcedstyle: yes
  toc: yes
  tocindent: yes
  sortrefs: yes
  symrefs: yes
  strict: yes
  comments: yes
  inline: yes
  text-list-symbols: -o*+

author:
- -
       ins: J. Varon
       name: Joana Varon
       organization: Coding Rights
       email: joana@codingrights.org
- -
       ins: C.J.N. Cath
       name: Corinne Cath
       organization: Oxford Internet Institute
       email: corinne.cath@oii.ox.ac.uk

- -
       ins: N. ten Oever
       name: Niels ten Oever
       organization: Article19
       email: niels@article19.org


normative:

informative:

   RFC1958:
   RFC1984:
   RFC2026:
   RFC2639:
   RFC2919:
   RFC3365:
   RFC5890:
   RFC5891:
   RFC5892:
   RFC5893:
   RFC6162:
   RFC6783:
   RFC6973:
   RFC7230:
   RFC7231:
   RFC7232:
   RFC7234:
   RFC7235:
   RFC7236:
   RFC7237:
   RFC7258:


   UDHR:
     title: The Universal Declaration of Human Rights
     date: 1948
     author:
        org: United Nations General Assembly
     target: http://www.un.org/en/documents/udhr/

   HRPC-GLOSSARY:
     title: Human Rights Protocol Considerations Glossary
     date: 2015
     author:
        - ins: N. ten Oever
        - ins: A. Doria
        - ins: D. K. Gillmor
     target: https://www.ietf.org/id/draft-dkg-hrpc-glossary-00.txt

   ID:
     title: Proposal for research on human rights protocol consideration
s
     date: 2015
     author:
        - ins: N. ten Oever
        - ins: A. Doria
        - ins: J. Varon
     target: http://tools.ietf.org/html/draft-doria-hrpc-proposal


- --- abstract

This document presents steps undertaken for developing a methodology
to map engineering concepts at the protocol level that may be related
to promotion and protection of Human Rights, particularly the right to
freedom of expression and association.  It feeds upon and is intended
to facilitate the work done by the proposed Human Rights Protocol
Considerations research group, as well as other authors within the IETF.

Exemplary work {{RFC1984}} {{RFC6973}} {{RFC7258}} has already been
done in the IETF on privacy issues that should be considered when
creating an Internet protocol. But, beyond privacy considerations,
concerns for freedom of expression and association were also a strong
part of the world-view of the community involved in developing the
first Internet protocols. Indeed, promoting open, secure and reliable
connectivity is essential for these rights. But how are this concepts
addressed in the protocol level? Are there others? This ID is intended
to explain research work done so far and to explore possible
methodological approaches to move further on exploring and exposing
the relations between standards and protocols and the promotion and
protection of the rights to freedom of expression and association.

Discussion on this draft at: hrpc@irtf.org //
https://www.irtf.org/mailman/admindb/hrpc


- --- middle

Introduction
============

In a manner similar to the work done for {{RFC6973}} on Privacy
Consideration Guidelines, the premise of this research is that some
standards and protocols can solidify, enable or threaten human rights.

As stated in {{RFC1958}}, the Internet aims to be the global network
of networks that provides unfettered connectivity to all users at all
times and for any content. Our research hypothesis is that Internet's
objective of connectivity makes it an enabler of human rights and that
its architectural design tends to converge in protecting and promoting
the human rights framework.

Open, secure and reliable connectivity is essential for human rights
such as freedom of expression and freedom of association, as defined
in the Universal Declaration of Human Rights {{UDHR}}.  Therefore,
considering connectivity as the ultimate objective of the Internet,
makes a clear case that the Internet is not only an enabler of human
rights, but that human rights lie at the basis of, and are ingrained
in, the architecture of the network.

But, while the Internet was designed with freedom and openness of
communications as core values, as the scale and the commercialization
of the Internet has grown greatly, the influence of such world-views
started to compete with other values. Therefore, decisive and human
rights enabling characteristics of the Internet might be degraded if
they're not properly defined, described and protected as such. And, on
the other way around, not protecting these characteristics could also
result in (partial) loss of functionality and connectivity, thus, in
the internet architecture design itself.

An essential part of maintaining the Internet as a tool for
communication and connectivity is security. Indeed, "development of
security mechanisms is seen as a key factor in the future growth of
the Internet as a motor for international commerce and communication"
{{RFC1984}} and according to the Danvers Doctrine {{RFC3365}}, there
is an overwhelming consensus in the IETF that the best security should
be used and standardized.

In {{RFC1984}}, the Internet Architecture Board (IAB) and the Internet
Engineering Steering Group (IESG), the bodies which oversee
architecture and standards for the Internet, expressed: "concern by
the need for increased protection of international commercial
transactions on the Internet, and by the need to offer all Internet
users an adequate degree of privacy."  Indeed, the IETF has been doing
a significant job in this area {{RFC6973}} {{RFC7258}}, considering
privacy concerns as a subset of security concerns.

Besides privacy, it should be possible to highlight other aspects of
connectivity embedded in standards and protocols that can have human
rights considerations, such as freedom of expression and the right to
association and assembly online. This ID is willing to explain
research work done so far and explore possible methodological
approaches to move further on exploring and exposing these relations
between standards and protocols and the promotion and protection of
the rights to freedom of expression and association.

To move this debate further, information has been compiled at the
https://datatracker.ietf.org/rg/hrpc/ and discussions are happening
through the list hrpc@irtf.org

This document builds on the previous IDs published within the
framework of the proposed hrpc research group {{ID}}

Research Topic
==============

The growing impact of the Internet on the lives of individuals makes
Internet standards and protocols increasingly important to society.
The IETF itself, in {{RFC2026}}, specifically states that the
‘interests of the Internet community need to be protected’. There are
various examples of protocols and standards having a direct impact on
society, and by extension the human rights of end-users. Privacy is
just one example. Therefore, this proposal for research methodology is
addressing as research topics the rights to freedom of expression and
association and it's relations to standards and protocols.

These two rights are described in the Universal Declaration of Human
Rights:


Article 19 - Freedom of Expression (FoE)
"Everyone has the right to freedom of opinion and expression; this
right includes freedom to hold opinions without interference and  to
seek, receive and impart information and ideas through any  media and
regardless of frontiers."

Article 20 - Freedom of Association (FoA)
"Everyone has the right to freedom of peaceful assembly and association.
"

But how to talk about human rights in an engineering context?

But can we translate these concepts into Internet architecture
technical terms?

What standards and protocols could have any relationship with freedom
of expression and association?

What are the possible relationships between them?


Methodology
===========

Mapping the relation between human rights and protocols and
architectures is a new research challenge, which requires a good
amount of interdisciplinary and cross organizational cooperation to
develop a consistent methodology.  While the authors of this first
draft are involved in  both human rights advocacy and research on
Internet technologies - we believe that bringing this work into the
IRTF facilitates and  improves this work by bringing human rights
experts together with the  community of researchers and developers of
Internet standards and technologies.

In order to map the potential relation between human rights and
protocols, so far, the HRPC proposed research group has been gathered
the data from three specific sources:

a. Discourse analysis of RFCs
To start addressing the issue, a mapping exercise analyzing Internet
architecture and protocols features, vis-a-vis possible impact on
human rights is being undertaken. Therefore, research on the language
used in current and historic RFCs and mailing list discussions is
underway to expose core architectural principles, language and
deliberations on human rights of those affected by the network.

b. Interviews with members of the IETF community during the Dallas
meeting of March 2015
Interviews with the current and past members of the Internet
Architecture Board (IAB), current and past members of the Internet
Engineering Steering Group(IESG) and chairs of selected working groups
and RFC authors. To get an insider understanding of how they view the
relationship (if any) between human rights and protocols to play out
in their work.

c. Participant observation in Working Groups
By participating in various working groups information was gathered
about the IETFs day-to-day work. From which which general themes and
use-cases about human rights and protocols were extracted.


All this data was then processed using the following three consecutive
strategies:

Translating Human Rights Concept into Technical Definitions
- -----------------------------------------------------------

Step 1.1 - Mapping protocols and standards related to FoE and FoA
Activity: Mapping of protocols and standards that potentially enable
the internet as a tool for freedom of expression
Expected Outcome: list of RFCs that describe standards and protocols
that are potentially more closely related to FoE and FoA.

Step 1.2 - Extracting concepts from mapped RFCs
Activity: Read the selected RFCs to highlight central design and
technical concepts which impact human rights.
Expected Outcome 1: a list of technical terms that combined create the
enabling environment for freedom of expression and freedom of associatio
n.
Expected Outcome 2: Possible translations of human rights concepts to
technical terms.

Step 1.3 - Building a common glossary
In the analysis of existing RFCs, central design and technical
concepts shall be found which impact human rights.
Expected Outcome: a Glossary for human rights protocol considerations
with a list of concepts and definitions of technical concepts


Map cases of protocols being exploited or enablers
- ------------------------------------------------------

Step 1.1 - Cases of protocols being exploited
Activity 1: Map cases in which users rights have been exploited,
violated or compromised, analyze which protocols or vulnerabilities in
protocols are invovled with this.
Activity 2: Understand technical rational for the use of particular
protocols that undermine human rights.
Expected Outcome: list of protocols that have been exploited to expose
users to rights violation and rationale.

Step 1.2 - Cases of protocols being enablers
Activity: Map cases in which users rights have been enabled, promoted
and protected and analyze which characteristics in the protocols are
involved with this.
Expected Outcome: list of characteristics in the protocols that have
been key to promote and protect the rights to freedom of expression
and association that could be added to our glossary


Apply human rights technical definitions to the cases mapped
- ---------------------------------------------------------------

Step 1 - Glossary and Cases
Activity: Investigate alternative technical options from within list
of technical design principle (see {{HRPC-GLOSSARY}}) that could have
been applied in the mapped cases to strengthen our technical
definition of FoE and FoA, and hence human rights and connectivity of
the network.

Expected Outcome: Identify best (and worst) current practices. Develop
procedures to systematically evaluate protocols for potential human
rights impact.



Preliminary findings achieved by applying current proposed methodology
=======================================================================


Translating Human Rights Concept into Technical Definitions
- -----------------------------------------------------------

Step 1.1 - Mapping protocols and standards related to FoE and FoA

Below are some examples of these protocols and standards that might be
related to FoE and FoA and FoE:

HTTP
Websites made it extremely easy for individuals to publish their
ideas, opinions and thoughts.  Never before has the world seen an
infrastructure that made it this easy to share information and ideas
with such a large group of other people.  The HTTP architecture and
standards, including {{RFC7230}}, {{RFC7231}}, {{RFC7232}},
{{RFC7234}}, {{RFC7235}}, {{RFC7236}}, and {{RFC7237}}, are essential
for the publishing of information.  The HTTP protocol, therefore,
forms an crucial enabler for freedom of expression, but also for the
right to freely participate in the culture life of the community
(Article 27) {{UDHR}}, to enjoy the arts and to share in scientific
advancement and its benefits.


Real time communications through XMPP and WebRTC
Collaborations and cooperation via the Internet have take a large step
forward with the progress of chat and other other real time
communications protocols.  The work on XMPP {{RFC6162}} has enabled
new methods of global interactions, cooperation and human right
advocacy.  The WebRTC work being done to standardize the API and
protocol elements to support real-time communications for browsers,
mobile applications and IoT by the World Wide Consortium (W3C) and the
IETF is another artifact enabling human rights globally on the Internet.

Mailing lists
Collaboration  and cooperation have been part of the Internet since
its early  beginning, one of the instruments of facilitating working
together in  groups are mailing lists (as described in {{RFC2639}},
{{RFC2919}}, and {{RFC6783}}.  Mailing lists are critical  instruments
and enablers for group communication and organization, and  therefore
form early artifacts of the (standardized) ability of Internet
standards to enable the right to freedom of assembly and association.


IDNs
English has been the lingua franca of the Internet, but for many
Internet user English is not their first language.  To have a true
global Internet, one that serves the whole world, it would need to
reflect the languages of these different communities.  The
Internationalized Domain Names IDNA2008 ({{RFC5890}}, {{RFC5891}},
{{RFC5892}}, and {{RFC5893}}), describes standards for the use of a
broad range of strings and characters (some also written from right to
left).  This enables users who use other characters than the standard
LDH ascii typeset to have their own URLs.  This shows the ambition of
the Internet community to reflect the diversity of users and to be in
line with Article 2 of the Universal Declaration of Human Rights which
clearly stipulates that "everyone is entitles to all rights and
freedoms `[...]`, without distinction of any kind, such as `[...]`
language `[...]`." {{UDHR}}

Current Status:
- ---------------
Based on these standards and protocols, a raw list of RFCs that
describe standards and protocols that are potentially related to FoE
and FoA is available here:
https://github.com/nllz/IRTF-HRPC/blob/master/RFC%20overview.ods


Step 1.2 - Extracting concepts from mapped RFCs
The list of RFCs compiled above has used to extract our key concepts.

Current Status:
- ---------------
Expected Outcome 1:  a list of  technical terms that combined create
the enabling environment for human rights, such a freedom  of
expression and freedom of association.

      Architectural principles                    Enabling features
        and characteristics                        for user rights

                       /------------------------------------------------
\
                       |
|
     +=================|=============================+
|
     =                 |                             =
|
     =                 |           End to end        =
|
     =                 |          Reliability        =
|
     =                 |           Resilience        =  Access as
|
     =                 |        Interoperability     =   Human Right
|
     =    Good enough  |          Transparency       =
|
     =     principle   |       Data minimization     =
|
     =                 |  Permissionless innovation  =
|
     =    Simplicity   |     Graceful degradation    =
|
     =                 |          Connectivity       =
|
     =                 |          Heterogenity       =
|
     =                 |                             =
|
     =                 |                             =
|
     =                 \------------------------------------------------
/
     =                                               =
     +===============================================+

Current status:
- ---------------
Expected Outcome 2: Translating human rights to technical terms. This
analysis points to translating human rights that impact or are
impacted by the Internet as follows:

The combination of content agnosticism, connectivity, security,
privacy (as defined in {{RFC6973}}, and open standards are the
technical principles that underlay freedom of expression on the Internet
.

      (        Connectivity         )
     (         Privacy               )
     (         Security              )   = freedom of expression
     (         Content agnosticism   )
     (	      Internationalization   )
     (        Censorship resistance  )
     (	      Open Standards         )
      (       Heterogeneity support )
	

     (		Anonymity           )
    (		Privacy              )   = Non-discrimination
    (		Pseudonymity         )
     (		Content agnosticism )	

			
    ( 	      Content Agnosticism  )
    (	      Security             ) 	= Equal protection


     (	      Anonymity       )
    (	      Privacy          )   = Right to be presumed innocent
     (	      Security        )	


	 (	Accessibility         )
	(	Internationalization   ) = Right to political participation
	(	Censorship resistance  )
	 (

					
	 (  Open standards         )
	(   Localization            ) = Rights for cultural life,
	(   Internationalization    )             arts and science
	 (  Censorship resistance  )


	 (	Connectivity         )
	(	Decentralization      )
	(     Censorship resistance ) = Right to freedom of assembly
	(  	Pseudonymity          )                   and association
	(	Anonymity             )
	 ( 	Security             )
	
        ( Reliability    )
       (  Confidentiality )	
       (  Integrity       ) = Right to security
       (  Authenticity    )
        ( Anonymity      )


Step 1.3 - Build a common glossary

Current status:
- ---------------
Expected Outcome: A first list of concepts, which definitions should
be improved and further aligned with existing RFCs, is published as {{ID
}}



Next Steps of the Methodology still to be applied
=================================================

Map cases of protocols being exploited or enablers
- ---------------------------------------------------

UPCOMING BEFORE YOKOHAMA


Apply human rights technical definitions to the cases mapped
- ------------------------------------------------------------


Next Steps of the Methodology still to be developed
===================================================

Future research questions
- -------------------------
All of the steps taken above raise the following question that need to
be addressed after the research methodological steps outlined above
have been completed:

How can the rights enabling environment be safeguarded in (future)
protocol development?

How  can (nontransparent) human rights violations be minimized in
(future) protocol development?

Can we propose guidelines to protect the Internet as a
human-rights-enabling environment in future protocol development,
specially in relation to freedom of expression and freedom of
association, in a manner similar to the work done for Privacy
Considerations in {{RFC6973}}?

Assuming that the research produces useful results, can the objective
evolve into the creation of a set of recommended considerations for
the protection of applicable human rights?


Security Considerations
========================

As this draft concerns a research document, there are no security
considerations.


IANA Considerations
==========================

This document has no actions for IANA.


Research Group Information
==========================

The discussion list for the IRTF Human Rights Protocol Considerations
proposed working group is located at the e-mail address
<hrpc@ietf.org>. Information on the group and information on how to
subscribe to the list is at
<https://www.irtf.org/mailman/listinfo/hrpc>

Archives of the list can be found at:
<https://www.irtf.org/mail-archive/web/hrpc/current/index.html>


- -- 
Niels ten Oever
Head of Digital

Article 19
www.article19.org

PGP fingerprint    8D9F C567 BEE4 A431 56C4
                   678B 08B5 A0F2 636D 68E9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJV+zXlAAoJEAi1oPJjbWjp4vQH/iDS1RzUApo6ID1BOGIvMERg
HrMdVHTuYhVuWW/CKUSEDwnd3ABYV8pR7gbt21V0/tqPyWaVnAddLCpRn0IDQH3f
DZxVYNBMVF8Or3XaX/5xpZwPkVwXn34SVCIsLorUPmg4yLQUrPr+bVpyAP+muMSe
mXj4jGMWTgmrha94TWerx6vv2VygoZnB8990SVbHsSrKYAVyD1w5HEMnRXX/8xSe
Yb2FdDUmqve7W7FiJmrCCaTYJ0YNRL3kfJ6/qwioL0IK99aE2xFRAMHXOy6pXjvq
oZPj5+IoQVZrkEhLrerTF2IKhirp9lGQ+daOIy5IuBePCIW1kU+Od7nPYeTwk2c=
=oOYm
-----END PGP SIGNATURE-----