Re: Working Group Last Call for draft-ietf-httpbis-legally-restricted-status

Alex Rousskov <> Wed, 14 October 2015 15:36 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 26AC11AC419 for <>; Wed, 14 Oct 2015 08:36:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.512
X-Spam-Status: No, score=-5.512 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WfgcfHXW_xmQ for <>; Wed, 14 Oct 2015 08:35:54 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1B6881AC529 for <>; Wed, 14 Oct 2015 08:35:53 -0700 (PDT)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1ZmO2L-0003NE-AV for; Wed, 14 Oct 2015 15:32:17 +0000
Resent-Date: Wed, 14 Oct 2015 15:32:17 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1ZmO2H-0003LJ-BC for; Wed, 14 Oct 2015 15:32:13 +0000
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <>) id 1ZmO2G-00029p-02 for; Wed, 14 Oct 2015 15:32:12 +0000
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 03C2FE299; Wed, 14 Oct 2015 15:31:48 +0000 (UTC)
To: Matthew Kerwin <>
References: <> <> <> <> <> <> <> <> <> <> <>
Cc: "" <>
From: Alex Rousskov <>
X-Enigmail-Draft-Status: N1110
Message-ID: <>
Date: Wed, 14 Oct 2015 09:31:40 -0600
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-5.4
X-W3C-Hub-Spam-Report: AWL=-1.495, BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1ZmO2G-00029p-02 9ecd59482944c2f4ab17200e7d9bb63b
Subject: Re: Working Group Last Call for draft-ietf-httpbis-legally-restricted-status
Archived-At: <>
X-Mailing-List: <> archive/latest/30364
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 10/13/2015 02:48 PM, Matthew Kerwin wrote:

> Every person, society, and culture has its own legal authority. It's the
> one with the power to force things (like censorship) on people (and
> websites.)

I would not equate legality with power, but that just illustrates why
the overloaded term "legal" should not be used in the first place IMO
(and yes, this goes against the opinion of a corporate lawyer who
evidently suggested to use the term "legal demand", probably based on
that what that phrase means in that lawyer's part of the world).

> So it's an external force that has the power to coerce you to restrict
> access to a resource in such a way that you feel compelled to respond to
> future requests with "I would send you this thing but they made me not."

Right, that is the broader use case I was rooting for.

> What can that force be other than a legal one? That's not a rhetorical
> question, I really would like to see an example.

All of the examples I have provided earlier can be used (the DMCA one
would need an additional condition):

1. A DMCA takedown notice written by an authority with no legal standing
in the recipient locality or otherwise malformed. The blocker may still
obey the invalid takedown request to ease future business expansion to
other localities/litigation/etc.

2. A visit by a friendly group of armed enforcers of an illegal drug
lord. The blocker may obey their takedown request to avoid destruction
of property/etc.

3. An anonymous article in the "official news paper". The published
opinion may have no legal standing, but the blocker may still decide it
is safer to follow the suggested blocking practices to avoid being
persecuted for unrelated and/or imaginary offences.

>> > I'm struggling to envision a
>> > case of externally-pressured censorship that doesn't count as "legal."
>> Great, you should not object to removing the word "legal" from the draft
>> then. Saying "external censorship" should be sufficient. Why muddy the
>> waters by introducing precise-sounding but still undefined and very
>> context-dependent terms?

> ​​Some would argue that DMCA takedowns aren't censorship (protecting
> rightful property, etc. etc.), so by making this change you're proposing
> to potentially exclude or discourage what was probably the motivating --
> and likely to be the most common -- use case. "Legal" is the less
> restrictive term, as I see it, especially using Ted's suggested text.

Sorry, this is just sloppy context-specific phrasing on my part. I do
not actually suggest using the word "censorship" in the draft (IIRC,
that word came from Mark's use case and was repeated for discussion
continuity sake).

The exact replacement wording is a separate [and minor] issue IMO. It is
the decision to limit the new status code to "legal" obstacles and
demands that is important here. If that decision is reversed, I am sure
we can find a more neutral and less overloaded replacement term that
addresses more use cases. The current WG decision is that the new status
code is limited to cases where the blocking is related to legal external
demands and obstacles as opposed to *all* external demands and
obstacles. That is the important distinction!

> On the definition of 'legal', a very quick Google​ g​ives me: "the
> system of rules which a particular country or community recognizes as
> regulating the actions of its members and which it may enforce by the
> imposition of penalties." Pretty much matches my definition, and the
> one I assumed the draft uses.

Yes, that matches my understanding of a "law" or "legal system" as well.

However, you should be looking up the _adjective_ "legal", not some
related noun. Then you will find things like "permitted by law" (which
may imply that serving the new status code is an agreement that the
takedown request was lawful) and "based on the law" (which does not
cover many common use cases).

> I'd have guessed only a small subset of people would think 'legal' ​
> only ​means 'issued by government or ruled by a court', and only a
> smaller subset further limit it to 'DMCA.' Fortunately for those
> people, that's probably the only ​restriction  they​'re likely to​
> encounter​ in their lives​. People who live in other ​regions would
> likely ​encounter others, and thus ​use 451 for other (legitimate​,
> as currently written​) reasons.

I think the new status code should cover illegitimate and all other
"external demand or obstacle" reasons as well. The status code should
have nothing to do with the law, legality, or lack of thereof. It should
be for any cases where blocking is done because of an external force
(legitimate, illegitimate, hard to tell, varying, unknown, etc.)