Re: [Pearg] descriptive censorship work: draft-hall-censorship-tech

Amelia Andersdotter <amelia@article19.org> Sun, 19 May 2019 01:38 UTC

Return-Path: <amelia@article19.org>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2C90120077 for <pearg@ietfa.amsl.com>; Sat, 18 May 2019 18:38:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PE_K-jt3Dzu3 for <pearg@ietfa.amsl.com>; Sat, 18 May 2019 18:38:26 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76ACB1200B5 for <pearg@irtf.org>; Sat, 18 May 2019 18:38:26 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <amelia@article19.org>) id 1hSAlt-0004qe-Dh for pearg@irtf.org; Sun, 19 May 2019 03:38:23 +0200
To: pearg@irtf.org
References: <CABtrr-Ubq5z_Nx4-VA7gLgGMaxOBvfpSpXKJfeO9Q9C9eCA8Fg@mail.gmail.com> <CAJm22JazQHLN=zZ_RpAwYX5AcUuws6nan-4jShzLwSbz2ysHsQ@mail.gmail.com> <e88b630d-b979-185b-e744-977ab080baad@cs.tcd.ie> <1397790134.3745.1558087203082@appsuite-dev-gw2.open-xchange.com>
From: Amelia Andersdotter <amelia@article19.org>
Openpgp: preference=signencrypt
Autocrypt: addr=amelia@article19.org; prefer-encrypt=mutual; keydata= mQINBFjWlnsBEAC+jUN+LJE+mmxEL8lHSrvg47xSBMb9GdtH1Jr8tRSxXiO6R5E+FydsfqkL sjO0dI3x/VnNBi/kgPFFWiAzDEwGTiR/C9b/Muo+xrY+it6e49N56LTPGezrY2dy5yo6VcLl 7UwGz3fIWiNIj7dvuoPMBoO1uacF073E+dqDM5CmNh6o+OrHW8zhUlC9hKgXCq+8XpZJw90H un1zsHF0sRDiurjfYaCcbdAGK9+th9378ed1ZvLVo5uBVQXdydl3eJkNCOELq7VOS7oxSliA uX5/nj9A4LjeeYXgNbwGfKrMjlffP0FcAcgfzg9seqDd1DEk9EVaUMTr32fbWOQHjinXSC7r Lw4xaNfoBebIe1M6z16Xg7+bXXCTdmJYcL9ugmkvT6tGnR12Pfoca1oBwXPvA0VIRi86kCSU D9qvZ3Vl07MKD2hsvFkGZJOQfEaYv5QLpCWv6RCjfDNC05IyMeSW4H18Fr/BoHX8FXHV3+9H LsbJQ/Zrofd/Cm+TKEmXLAtYc7iXvzV+mw3/u0VYqjEy/CRYa62Ah0NNNVIuswfRVIfx3UZo jX4y8j2Kh0jtUV5A4GGf8H3SzQ/cB0I7wTRHU9mCPVCtH6M26nPumL4Zr4D6uGnAmPf9xnlX lokOn2Qxf/mBldsL41PDbEpYhZvvn5kJ/Z9Qh7Fks/hfTbbJowARAQABtEFBbWVsaWEgQW5k ZXJzZG90dGVyIChUZWNobmljYWwgY29uc3VsdGFudCkgPGFtZWxpYUBhcnRpY2xlMTkub3Jn PokCVAQTAQgAPhYhBD1dtsq4UrmIBVpqb/7xwpS06AtVBQJZbJ97AhsjBQkJZgGABQsJCAcC BhUICQoLAgQWAgMBAh4BAheAAAoJEP7xwpS06AtVgrcQAJYg+mhDhui+9xNb9PuRJbelOI7J WlCjSycfaMi+rTJ9FjVKYIE9aug2VV486BZaeqMoOh5wjl61oeRTDHYG6HvhK4w8O/BVPsL0 8MEfYfpFevZmBsInEJypg0r7VJ/SeO9UyaFKUffgvLyiYwk7zJIgx5dHF5Vch0kTtRNc/Wbe 9MGfhl//1Ztl8GjGqzra7MwzaO12ctTDo7LIvXGqrpYm5g7+hRv3+KYVOJvlh4T4deAzNlX1 F/jj4cOYvJJxP2OMPZxoleQZSf63h0hWnKlQWX3UiUZY/M296V6niGDCQHX1q7oz9YWxwUun mNPltaPnTdvE51N98Q+hhrw39XowN0vYhfphaFNrf/crNKTB5Iqx62aAzYwqXQKlh6EtWAri 2rVB9vXxPv+1eL9t/Kga2JyCjmJVtYJxlZWceyW3EKjK+E7qjr1LHDFjV8ZbvN7QRTdjsuzR Ggz3ECba80Ij2/tASE8IXpT/Zb68NeSx3/nDXkIG13inSvGy8yNovzEADXsGO16GSx5Rool/ ECFhTYksMyM73FkvcpvXo6J+neyGEVKDx1Oy213KgTrAOrA+p2hMI2nX9sI5tvWms8XspwQ5 wtmzDribnZNQzpdrb45Chv56LjrKVer9tmraRq8Qe3mL6jXhMPWLim1OeAx6m3qBzKr3QxuG PdADCLHsuQINBFjWlnsBEADFjusaTo9W8VeWluCK/oJqyyyF1wMvou0ldfuoOpUZrOqsY67T M7yBqsv5COPVgAV+xp+axor5oHWxibd283w0Ok4dK6tvtNGwUqyDRlHtQ92DG/u4Tg5eOwrH NUn73/rfeBD9KhKAXcNKKPoccLgR8oQTXpO7eRo+0NI52pXQ6LdZ0wddYeTcHglsNKN1TK+C yYS7xfGolsZXXoBOKcyhfj/ckPFVIHWpGpEtcYWTZWvXgLprzHvpKzkzNyBwejaXE+bqCT2d Rl3omI/e2t3Vq33hFUUSAdxrFF29vMX/YsSnYqsFOIoayna+TRsDFAfZvbvHBOMckeJzvA8y Bdadw7CM08Uw8wqH7n9BA3oq//QpZJekPfrc2E9nM9H0d51T0uStLMbYDWdwxvfPA3p9z8L9 1vobt8bM/Jbhl9h+X2Yq9oBCiTI7b2izYd9FVG4BwBIdeh3bh9R9HExgRjF3XQ6uafT3pcVO PASdv9FRUYH1Va7QWQifoha0B7UXKx1OpX1Z6XR2NQ9KN2MvlwvBKdHtm6tBzUIFzW6D8vUO xiYKBA4fppJt/LJF4jsaCEyI/CVQnkC0yL5DKFOdigxTipwEL9Uc6r7VfR5OAGFd6vzuJFy+ j+/WhzaVT1oVYp6eQXh0bBtqqH2Mq9sAMnIjvaNYIKiQKgMa1Pa3OWQbQQARAQABiQI8BBgB CAAmFiEEPV22yrhSuYgFWmpv/vHClLToC1UFAljWlnsCGwwFCQlmAYAACgkQ/vHClLToC1Xn Rw//W4lzE8FddceKXGRwO/T1u4uzH9EjPCj+3/eHCrLI+h1m7QPyH1DrFAtZBoA6UoaF0+vI AJXM9/HI1FZ09EUdJr5X/+YREErFom4DbE1FK8fpK1/Hw2zI+7Xa8bVkmYrKhMGhi1Gq6Dtk sn/H4USdJL53ZPt10SVNK7H3w93Yp1GC4+0zWjfrsKfsHYZZr2SZyb5/gZlngfgaqiQLhIcP YmiU1GQi9QWkGxWRxk0YQXBwhekewvgltATxlRSCwguAi4uck9fAct9GGdpsshSOgAb9YIAn EV3EqaGnf0PknXp3vNHAZWrfM+RyuNdm2L5TjDU0rIrvyqGP3pR33cREGOAil5Sz2uFArmws Pt8VffbEXlf7qZqRBKaYeKt0qnxKMx1+e1JilVsfb8qtnAWAFDyR0HMlVj/dvGAmq/auPSOA UWRSnDRyT6rv/vXxrbkL4uxWax46qdpDhR15mS5MTng6b5b3Uox7xlveo/Sx71AdNf4goPvB /ntv0DiMuh+fmLGk3zrxs4Xd30Sx+qQwVaXR5xc5rgnF81wvfmuAOb2eP9mpD6DoabkpxC8f Lk17AK7Q1ZTgcZ+8XLRFnavdPrwCa9RU0BF53lJMSTPzyBcMwZ4sqA6Z5IRFVt7rEbSeeD8R Eiawo+FvVt9j0fKdNEBeaJ3WY5hlhNPcUXr4q1U=
Organization: ARTICLE19
Message-ID: <d1dd5c3a-ba10-406e-d7d7-fc8c07d7ea10@article19.org>
Date: Sun, 19 May 2019 03:37:50 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <1397790134.3745.1558087203082@appsuite-dev-gw2.open-xchange.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US-large
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: a37d78a1f62179d0f8bbb55570e85dc4
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/8ksCVkIucTRCTGSi-Ao4Atbl-rU>
Subject: Re: [Pearg] descriptive censorship work: draft-hall-censorship-tech
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 May 2019 01:38:30 -0000

Hey Joe,

Some additional feedback:

- Change the words "blacklisting" and "whitelisting" to "blocklisting"
and "allowlisting" as suggested in draft-knodel-terminology-00.
- EU countries are being let off a bit easily in the examples section.
DNS blocking is really common[1][2][3][4][7] (for section 4.1.1) - EU
ISPs default on DNS blocking when they are faced with legal obligations
to restrict access to content for whatever reason. On DPI (section
3.2.4), there are other resources[5] (which include the nuance Vittorio
seeks below). But of course, our friends at epicenter.works have
compiled a comprehensive list of various blocking schemes that are
commercially motivated in the EU at this time[6]. They fall under
various headings in draft-hall-censorship-tech section 3 and 4.

Like Vittorio, I have some difficulty seeing what sections 5, 6.1 and
6.4 bring to the discussion. Section 6.2 and 6.3 could have value since
there are or could be technical work-arounds for the cases where there
is no clear legal support for action (e.g., consider a contractual,
voluntary action by a root name server to delist or re-assign some name,
which could be monitored, perhaps in some way similar to Certificate
Transparency). Section 6.3 situations would be mitigated by
cloud-servers or CDNs, but not an IETF job perhaps. On section 6.2,
there is case-law from a number of EU member states on domain seizures,
and in a link below you'll see an EFF and Public Knowledge mapping of
B2B domain seizures in the US.

I can add some reflections on Vittorio's remarks (mostly for Vittorio's
benefit, but see EFF-link below all):

On 2019-05-17 12:00, Vittorio Bertola wrote:
> First of all, the document assumes that any content control is
> censorship. By the definition in section 1, even blocking the
> connection from a bot to its C&C center is censorship. That's way too
> broad.
> The basic problem is that many of these techniques are also used for positive reasons, which makes it difficult to determine how to deal with them at the technical level, as any counter-technique that makes them impossible is bound to also disrupt those positive uses, creating problems to their users (see the DoH debate). 

While I disagree this necessarily applies to DoH, I am aware that
positive uses of disrupting communications (blocking port 25 for private
consumers to inhibit spam, for instance, in section 3.3.1 of the draft)
is what generally has limited regulatory action targetting the
/technical means of disrupting communications/. 

> But there are also cases in which Internet platforms decide to block stuff on their own, for their own business interests or company views (example: I don't think Facebook is censoring breastfeeding images due to any legal requirement or governmental pressure).

Yes, and no. James Boyle wrote an essay in 1997 titled "Foucault in
Cyberspace" which argues that COPPA incentivises exactly the censoring
of breastfeeding images. For an illustrative example, read the Wikipedia
article on Janet Jackson's nipple-slip during SuperBowl:
https://en.wikipedia.org/wiki/Super_Bowl_XXXVIII_halftime_show_controversy#Aftermath_and_effects

There are also issues with B2B contracts:
https://www.eff.org/deeplinks/2017/07/how-threats-against-domain-names-used-censor-content

I think this could be clarified in section 1 of draft-censorship by
adding the word "contractual": "(Although censors that engage in
censorship must do so through legal, CONTRACTUAL, military, or other means,"

> A couple of weeks ago, for example, Facebook blocked the account of a European elections candidate that happened to be a descendant of Mussolini. A couple of days ago, Facebook shut down 23 pages in Italy that supported the government parties, for spreading "fake news" that, according to those who were posting them, were not fake at all. I'm not arguing that this was bad behaviour by them, but these are indeed cases of silencing someone for their political views, yet I don't see where this kind of things are covered in this document.

To be fair, Facebook faces fines in the order of tens of millions of
euros if they fail to block something they should have blocked.
Over-blocking has indeed been a persistent concern among those groups
who have argued that blocking is not a good solution to any particular
content moderation problem.

References:

[1] Council of Europe, 2014: p. 72 ff, The rule of law on the Internet
and in the wider digital world, https://rm.coe.int/16806da51c

[2] European Commission (contractors), 2019: p. 31 ff, Evaluation of
regulatory tools for enforcing online gambling rules and channelling
demand towards controlled offers,
https://ec.europa.eu/growth/content/evaluation-regulatory-tools-enforcing-online-gambling-rules-and-channelling-demand-towards-1_en

[3] EDRi, 2011: p. 22 ff, The slide from self-regulation to corporate
censorship,
https://edri.org/wp-content/uploads/2010/01/selfregualation_paper_20110925_web.pdf


[4] EDRi, 2010: all the pages, Booklet On Internet Blocking.
https://edri.org/wp-content/uploads/2013/12/blocking_booklet.pdf

[5] BEREC and European Commission, 2012: A view of traffic management
and other practices resulting in restrictions to the open Internet in
Europe
http://berec.europa.eu/eng/document_register/subject_matter/berec/download/0/45-berec-findings-on-traffic-management-pra_0.pdf


[6] epicenter.works, 2019: p. 36 ff, Report: The Net Neutrality
Situation in the EU, https://epicenter.works/document/1522

[7] From ARTICLE19's CATNIP, forthcoming: "France blocked Copwatch, a
website reporting on police violence, in 2011,
https://www.laquadrature.net/fr/censure-politique-et-judiciaire-de-copwatch
"

-- 
Amelia Andersdotter
Technical Consultant, Digital Programme
Chair, RCM TIG, IEEE 802.11

ARTICLE19
www.article19.org

PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55