Re: [Pearg] comments on draft-irtf-pearg-safe-internet-measurement-08
Craig Partridge <craig.partridge@colostate.edu> Thu, 17 August 2023 17:56 UTC
Return-Path: <Craig.Partridge@colostate.edu>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99D54C151533 for <pearg@ietfa.amsl.com>; Thu, 17 Aug 2023 10:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjbUs0Uh2Wjc for <pearg@ietfa.amsl.com>; Thu, 17 Aug 2023 10:56:26 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on20622.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e88::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2651AC14F726 for <pearg@irtf.org>; Thu, 17 Aug 2023 10:56:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RalYB9fhEHgNcaeIEeflwMgyF94/izXQr2UTdOI06zbeLMb0HRdNfZfdGOgOPvyN9SsAQeKIeQZq11TnBEyjtOkmofJu56VAA4l3i3YZnR0R/t3WMDa0L2SIp8mDpP4wTXj0TkZEgsdXP5+Faq17gndCFKl1N98nmv+T5bQYoD4pGq6bgBfm0YLVfjgYU+cadEMt1TxPzrS4M7i1yCjcfTpTe0PZ7RsZ867eEdrqEjTMJaf40fYb6xg0QLawYyMn+L33xLepBMTP+r6INXBi0I4IXm0cnUcZsxiUQtBwEtxahRf9aoj+3KZR8RWu91zKBvlQhq568ZRBwgDNucUuRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uTjKO+s24ta/R8nDv2nGpBqvWcwShc0w83aYDxR9474=; b=URTDidFgvJrj62z8socXsoxTcqpdLqe46XQ2CJ95KLG/fDu/Rdy55yFjAVgsdijsqXFEDVUxgymqPprGN08pfppD56RHdiPMr5ydQx1dHHxWTt/glLQJU01OR5b+A17yjssb5jLe7DZSVZ4poItHkCz8DwWPAnJAZm6jwBA7Tq8xwl6PSWXYqOny8FIQRZkJDHyklHNhj2XilNNM98E+EnkjXhlFJmzVgs3PNBiCDHV6t7Jf1BK9keINWY/NxHSTsiq+gOIguF1wtrVK2cheDPPF9XSnXtr2sx/nDMGD0B97+hgQdAu+EW7ea2ePYuz2UcSb4SE1GAkQ5rPeZLjllw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=colostate.edu; dmarc=pass action=none header.from=colostate.edu; dkim=pass header.d=colostate.edu; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=colostate.edu;
Received: from CH3PR07MB9937.namprd07.prod.outlook.com (2603:10b6:610:1bc::17) by CO1PR07MB9017.namprd07.prod.outlook.com (2603:10b6:303:160::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6678.31; Thu, 17 Aug 2023 17:56:22 +0000
Received: from CH3PR07MB9937.namprd07.prod.outlook.com ([fe80::f1c3:55ae:c41d:dca9]) by CH3PR07MB9937.namprd07.prod.outlook.com ([fe80::f1c3:55ae:c41d:dca9%3]) with mapi id 15.20.6678.029; Thu, 17 Aug 2023 17:56:22 +0000
Content-Type: multipart/alternative; boundary="------------x20WEaihWk4OhYdR2lwMLdlm"
Message-ID: <b03708aa-e0f6-4cc6-5ad7-dad1599f48e8@colostate.edu>
Date: Thu, 17 Aug 2023 11:56:20 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.14.0
Content-Language: en-US
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>, pearg@irtf.org
References: <5083db3e-a36b-69ca-300b-5d250a5c6a48@colostate.edu> <794136455.29463.1692262446741@appsuite-gw2.open-xchange.com>
From: Craig Partridge <craig.partridge@colostate.edu>
In-Reply-To: <794136455.29463.1692262446741@appsuite-gw2.open-xchange.com>
X-ClientProxiedBy: CH0PR03CA0005.namprd03.prod.outlook.com (2603:10b6:610:b0::10) To CH3PR07MB9937.namprd07.prod.outlook.com (2603:10b6:610:1bc::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH3PR07MB9937:EE_|CO1PR07MB9017:EE_
X-MS-Office365-Filtering-Correlation-Id: 1c3d81cc-2a47-4fac-b951-08db9f4b449b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: WnEYak3aI9p5pVTh1ga9NOi+Mj+rin6q7HyEUXkYkkB5CkUy/3ZeavQLvDlNqrGF8NHS/Wh/o+VnVtCCbXBTAbURSK5JvFxZrtUfb0KKWnWKUjzJM+kzo9Ao8mwu1yM7On5zqV0eKN+kRIH2buYEXRmGFnhD08R2ASLdByg1ybhMVDXkSUaFURiJYkQA64x3MDbW0GjD2lGoepw0Op+emKIfmrBDPuZD5l8CqJ6jghMhqt//JqXUYFVyxy3TUB2MeprvHvU0UXQpxVYSAImfITNRpk4Mbl/j395CTkDFq5FgpcIGnpzel245vfoBY0bQ5+cxr/AFg+IoX5o5tBk3ylRc2SYaOWXg9JijUESYoBzu9m7w89kMcFO9GM/M55LqXWZ+cGSq37optLHVg4ihWDvo0JGW+Ts7fez6+PblnLmFHa/d//mckJh8OZ3CxpqEE+an5AptrF35Fdkk941D8PpqzSNC9yCKasU/XBs0WaKFdMdlNS4T7XVkObyu0p4AtBa153xtTX8+a6SoAMPF2DdAP+nzuPQRGv2KPukj3M+txlJUsvJ/Meikun9KXCDc/377zbnLllvVAIF5xktBb4lLzerjMNwRBlrjrBNOfAugv7QfUyGyMs0y03fY9SUgd51QYRJboFGkYOTvu2K9yg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH3PR07MB9937.namprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(396003)(136003)(346002)(39860400002)(366004)(376002)(451199024)(1800799009)(186009)(31686004)(86362001)(31696002)(36756003)(38100700002)(75432002)(2616005)(5660300002)(44832011)(66556008)(478600001)(6506007)(66946007)(66476007)(33964004)(53546011)(6486002)(786003)(316002)(26005)(6512007)(8676002)(41300700001)(8936002)(66574015)(83380400001)(2906002)(43740500002)(45980500001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: ESTrsBQefANuP+9RmorVui3xwMT04wisg6qiOhQy/qZlLx3azT4LtxX4my/LT9IOnVmDm9vjpG2eedW4yXvgt/QwtzMeLvnwPp2+luJ4kjKxbxPleHj/pvujKA0c+cMbOJzFUhHCtXkUVxwMpEjXWowIlEr7pMzczA6T5Rx9dBVOWaaQd/22jm205tGHh2DJkjWhS5pRmVCpHFqmR8RmKZAyWrBXfWVns6+dymaXHqiZZI+K3zLesZb5GwuqhYUW/7CNz/K1ho65+yxS6lvyfmF5BqU42Ac4PqWcGFROLdrLdbjltdO/1Dr6w7nC4TRLoc4g9gDGTf8cmcIPvROh6xvijWRxkuA90Ox3Fv1uNFH8pSNgWwwB4polqbbAXdacKyE86q1QchXB98x/UA9XB7Jj1anUu518sk0K5nW0ErOuzV2I3OcMkFAz2+6u0dxsQZClGAPWReb6ssd05NF5q1KE8IXw+LXvHV08JY5Z1Vc61+fhcO1LcN7rOt7+mBrNAfYxZfiHYCL9t9VI7ORU5Cbg8PuVHo0NZUFGRkZNj6x9E68e1zb7HLRG88pMTNjlfXwARdbxzWObiai0hnBWvsn/ugQDehPLyo80uQRM1n9dqFOjLhb0eD4LjeBucwcw3oWdE8LaewSAB4oM7sE009CUfB9TtHhsBWNuJdZ72T3Anzl1d82wHxfMgoBd7yhJrdvltg969pnfNVAyC4Ui75Dif1rFcOxtIBcdjQIHhNIs8aEM5zL/1/F0ZUeok1uigd0GQSfS613buP8rgbduZP+fkb1Pu8VLvgJiAiyD8RMeX1HbG/3aape+Pne2swvaMxME9bm57zOaoULjjnIofivCFzs6sjuPjicbICfuyJA7BigXEpY9R3iG8WGt73WeX1DeFfax0Ygc7QYylmWF9io8B9gqotWAMWVmMwa32/ivCmECb2LtNLtBQcgIP48q212T3oDcD2r+4JNjweDHMIbS2yIfLdGJuBHu6y/3qkGo+7rER6Y7ypXM64CrS4Ojq5xVsb9SHzRAFaiQIi96yGHab1SIIglJ9r3wvm9AjKX69HUuHvqluLzHM16ycftA9eeR4/I0c5RFP7nKnXsgmSGhIUNxGNFCuC9+bUdcgT51kEfJQnxosBJ2JEj1wbRGdl1goZ2KVG85N3mhFDwA+eDRN4A/dmLfIl/VOlHC3MzfBE9SWg0TKr4tJ2cXTWQXEYxCsX4nyixX/bi6a2NccOcxLJr4/jTuZnV5DA5+hcfAI35NtKr3lAPvrQwVDF2huuwweDInlsb1SOXxsEr91p8ZPq0khznNsBUsM3UiRfJ8QlHUOkz9uqm7e7Q0yAOSBwG5Z0jtmFiSAOqA9krNuFYJQElq+lRNi692fNUmu9GulgmuPF/7Qt1ArvJXyz2cOKCfgq/nPxr7ZVosD8rW+Q75BzH/V/y+w8M8yLno2yyy/WTJ0rRHVdzBoqjP1Ah00WGqQT/pmjvrERGo5EbhbErxLirMPcLt2cr05aSxO41WChHcx7cOzqT6RKLtdvxHK/N/d3NT3xpDOOP/nETUDxOfsIIlNz/lyKHzRCyancppmNHO//YakS7klkqQGHWVT8+3QwzIz/Zzyl/mPgE8nQ==
X-OriginatorOrg: colostate.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c3d81cc-2a47-4fac-b951-08db9f4b449b
X-MS-Exchange-CrossTenant-AuthSource: CH3PR07MB9937.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2023 17:56:22.6357 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: afb58802-ff7a-4bb1-ab21-367ff2ecfc8b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: rUdCnqKiroi5qNcG8h2/j5GzH9z2rgpyfrI9fu5Sd4zzsdODgEa8LL7sOY3ePdI3wQireTigC6paeSuTcwgF+A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR07MB9017
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/iHmJ0bWTRhusmy0oLEFlt91ptaE>
X-Mailman-Approved-At: Mon, 21 Aug 2023 02:07:21 -0700
Subject: Re: [Pearg] comments on draft-irtf-pearg-safe-internet-measurement-08
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2023 17:56:30 -0000
Yes, but you took my recommendation out of context. The larger paragraph was: Second, a lot of the concerns about active measurement center around implied consent. A number of thoughtful observers felt that efforts in the mid-2010s to understand censorship systems placed unknown individuals at risk (the experiments involved trying to send forbidden information to random IP addresses within the censored space -- with no knowledge of where those IP addresses were [e.g. someone's laptop] and thus the possibility that an individual would be flagged by the censorship system as a possible consumer of forbidden information). /I think the community still lacks a consensus, but perhaps a good starting point is that implied consent is not acceptable for active measurements that may cause harm to individuals. This allows active measurement of infrastructure (web servers, etc.) but prohibits sending active measurements to individual's devices (laptop, phone, smart watch, etc.). This would conform with Kantian edicts not to use a person for your ends without their consent./ And so I was suggesting active measurement of devices not linked to a person was OK (such as a server) but not devices that could be linked to a person. And since this is /active measurement/, which means you are sending the traffic that is being measured (you are not observing traffic, which is passive measurement), the chances of harming someone are for the most part modest. Why do I saw /for the most part modest/? Well, as Mark and I noted in the paper I sent, if I chose to send a high bandwidth stream of measurement traffic at a server, I might both disable the server [bad for its users] but also may cause enough traffic to seriously interfere with other traffic on the links - imagine an E911 (or similar emergency call) over VOIP that doesn't go through because it was dropped due congestion from large volumes of measurement traffic. But.. in any case, as a researcher, I'm not seeing a person's traffic with active measurement and, if we accept the provision to not risk harm to an individual, I should not cause a device associated with them to accept or transmit traffic that may be harmful Thanks! Craig On 8/17/23 2:54 AM, Vittorio Bertola wrote: > >> I >> think the community still lacks a consensus, but perhaps a good starting >> point is that implied consent is not acceptable for active measurements >> that may cause harm to individuals. This allows active measurement of >> infrastructure (web servers, etc.) but prohibits sending active >> measurements to individual's devices (laptop, phone, smart watch, >> etc.). This would conform with Kantian edicts not to use a person for >> your ends without their consent. > I like this, but the problem is how do you define "harm". To me, the fact that non-anonymized recordings of your personal activity on the Internet, even by purely passive means, exist somewhere is already a harm, as you never know who will (legally or illegally) gain access to that information and for which purpose. If you accept this, you conclude that every measurement activity where data are not immediately aggregated or fully anonymized (as opposed to pseudonymization, which we know doesn't work so well) needs explicit consent by each individual. Both proxy consent (which I doubt could ever be legal in Europe except in very specific conditions) and implied consent would not be acceptable. But I'm sure that many in the browser/application industry would disagree. >
- [Pearg] comments on draft-irtf-pearg-safe-interne… Craig Partridge
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Mallory Knodel
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Vittorio Bertola
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Craig Partridge