Re: [Pearg] [EXT] Re: [saag] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Vittorio Bertola <vittorio.bertola@open-xchange.com> Thu, 05 January 2023 16:20 UTC

To: bradchen@google.com
Cc: Ted Hardie <ted.ietf@gmail.com>, saag <saag@ietf.org>, "pearg@irtf.org" <pearg@irtf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/B-l22EStMq2rurITCTl2YnYeBlA>

 

> On 05/01/2023 14:19 CET Brad Chen <bradchen@google.com> wrote:
>  
>  
> I question whether the IETF has the competence to unilaterally determine policy in this space. Recent comments on this thread reassure me that some of us are at least equipped to recognize the limits of our competence and to recognize the discretion that the IETF needs to exercise in how we impact policy.
>  
> The right to privacy has never been absolute. The tension between privacy, free expression and the public right to know represents some of the most challenging questions in moral philosophy and law. When we pretend we can unilaterally establish policy through technology, we demonstrate our incompetence with regards to disciplines like law and moral philosophy.
> 
Yes, I totally agree. Ten years ago, the IETF sincerely (with the best of intentions) and naively thought it was in charge of setting this tradeoff in Internet communications. It did good, because encryption is in many cases a significant step forward for end-user privacy, but it did not take into consideration a set of reasonable needs by non-technical stakeholders, and this led to the perception that I mentioned in the previous message.
 
But there is more. First of all, also replying to Ted, it's true that there are extreme variations in almost anything across the 27 EU member States, and the non-EU ones as well; however, there is in the end a "European [Union] position", the one that is reflected in the laws that are made by the European Parliament + Council (i.e. member States) + Commission after extensive negotiation. You just have to read the Digital Markets Act and the Digital Services Act (and the European Court of Justice rulings, and the investigations of national and European antitrust authorities, etc.) to know what the current European position on "Internet gatekeepers" is.
 
This said, the problem is not just about stakeholder inclusion. The problem is the increasing divergence in values and policy objectives among different parts of the world, including two - North America and Europe - that have been aligned in terms of Internet policies up to a few years ago, but are now often at odds.
 
There are multiple tensions (free expression vs protection of weaker groups; privacy vs economic initiative; privacy vs law enforcement) where the desired compromise point is now different between the two sides of the Atlantic, and the related technical architectures would need to be differentiated and accommodate different arrangements country by country. This is mostly incompatible with the traditional Internet architecture designed for a global, borderless network without any intermediary or checkpoint between the two ends of the connection. Both objectives - global unfettered communications and digital sovereignty, i.e. the right of any independent national community to regulate the Internet the way they want - are worthy, but keeping them together is very hard. I have no easy answers, but at least the technical community should start acknowledging that the whole world is going in that direction, and this should be considered when designing protocols.
 
And no, don't tell me that networking protocols do not have any role in that - in the real world, things like TLS 1.3, DoH and OHAI mess up precisely with the above tensions.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy