Re: [Pearg] descriptive censorship work: draft-hall-censorship-tech

[Vittorio Bertola <vittorio.bertola@open-xchange.com>]

> Il 17 maggio 2019 09:58 Stephen Farrell <stephen.farrell@cs.tcd.ie> ha scritto:
> 
> > We can discuss
> > whether we want to keep this a regularly-updated-draft or something else in
> > the RG meeting at IETF 105 (we can do a short presentation, if you're
> > interested).
> 
> Personally, I'd prefer to see the thing just finished as
> soon as possible. A presentation for that is no harm, but
> not really needed IMO. My argument for that is that an
> RFC on this topic could be informative for protocol
> designers, whereas the draft hasn't been so far (at least
> afaik). Telling someone to go read and think about RFCnnnn
> is more likely to be effective than explaining the status
> of draft-hall-* I reckon.

First of all, thanks for bringing up this document again, as I had read it quickly and even promised the authors some feedback on the DNS section, which however I never did (apologies).

Now I had the time to go through it a little more in depth, and I must say I have broader issues with it.

First of all, the document assumes that any content control is censorship. By the definition in section 1, even blocking the connection from a bot to its C&C center is censorship. That's way too broad.

The basic problem is that many of these techniques are also used for positive reasons, which makes it difficult to determine how to deal with them at the technical level, as any counter-technique that makes them impossible is bound to also disrupt those positive uses, creating problems to their users (see the DoH debate). 

If this is meant as possible guidance to protocol designers, it should be clear that there are policy impact evaluations to be made when designing anything that affects these points of control in one way or the other, possibly involving non-technical stakeholders in the discussion. There is a whole set of nuances and complex tradeoffs in this field, yet I don't see this in the document - it looks like a simplified, biased view of the problem that considers any content control technique negative in itself.

Also, some wording seems to assume that only public authorities are censors. In the description in section 3.1, there are statements like "Application service providers can be pressured, coerced, or legally required to censor specific content or flows of data.", or in section 3.2.3, "In addition to censorship by the state, many governments pressure content providers to censor themselves." 

But there are also cases in which Internet platforms decide to block stuff on their own, for their own business interests or company views (example: I don't think Facebook is censoring breastfeeding images due to any legal requirement or governmental pressure). In democratic countries, this is the kind of censorship that currently creates more concerns, as any legally mandated censorship comes from the democratic process and usually has at least some degree of scrutiny and transparence, while citizens have no way of controlling or even influencing the policies of a private company operating in another jurisdiction, and these policies are usually very intransparent. This kind of practices do not seem to be considered in section 3 (and by the way, there is one more point of control, client applications, which is not even mentioned).

I also find section 3 confusing in itself, since 3.1 is a list of actors and use cases, while the other sections are about technical points where information on content could be found. Perhaps 3.1 should become a section of its own, and there should be a much more nuanced discussion of the problem, before getting into the technicalities of how control can be technically applied.

Also I'm not sure about section 6 - the document is supposed to be about technical mechanisms, so what's the meaning of a "non-technical interference" section? But if you want to keep it, then there's lots of stuff missing, starting from, for example, Internet platforms shutting down accounts of people they don't like. 

A couple of weeks ago, for example, Facebook blocked the account of a European elections candidate that happened to be a descendant of Mussolini. A couple of days ago, Facebook shut down 23 pages in Italy that supported the government parties, for spreading "fake news" that, according to those who were posting them, were not fake at all. I'm not arguing that this was bad behaviour by them, but these are indeed cases of silencing someone for their political views, yet I don't see where this kind of things are covered in this document.

So, in the end: IMHO either this is made strictly technical, only describing technologies that can be used to identify and block content without assuming whether such activity is good or bad, and giving up all the non-technical bits and judgements; or it requires broadening the viewpoints and the cases it covers.

Ciao,
-- 
 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy