[Pearg] comments on draft-irtf-pearg-safe-internet-measurement-08
Craig Partridge <craig.partridge@colostate.edu> Thu, 03 August 2023 13:45 UTC
Return-Path: <Craig.Partridge@colostate.edu>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2E83C14CE46 for <pearg@ietfa.amsl.com>; Thu, 3 Aug 2023 06:45:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G98hn6Yx1nNJ for <pearg@ietfa.amsl.com>; Thu, 3 Aug 2023 06:45:07 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on20601.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eae::601]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 034D5C151719 for <pearg@irtf.org>; Thu, 3 Aug 2023 06:45:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ivi1Zi5HpMrrlh2EsfIOTRcH6okeJRRoe/x+M48lDmGfUXBzsqOL+DsBiiqd6ft/1m8s7KgeKfmm5rAS21c8mP3Mf4f59DLN0XBXZMTwPM9ZMDrObEg06mWLaVJKDisYLH6eq0AfK0va7FHn3O0M0GONMBwsxbH+d0bCnwYBTGhlN+ZRkD0DNEXO2wfhobL2hs2gW86JTlmUoi6WRirCF2qFZPzD7CWz5Z370oc3wMyQ2IQgfyyHlilTuziz3emI67a78EqaVUPknXP79SvRucthvhCSbx1N5kCU3xAKo6b6ajXmq6P34FD+s61miauV4XYJsDzZBAUScLvi3V+BfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=j8R0PvVG2clnmUuyAAkL3R13q4QxeRWQ3wGx/GnvQwU=; b=X6MHFoFS2CkO5rjyYiPIUic19R0WYl6qPcEePSKtu+wjIb5MPUDXfhXeneHoUQP0ac4FG4/NEYboB0ZPgs+87rTb7gWRsXFSXYtOxMUEVbye5IigP4IjP+u8mCEtDVWZjO4GY0hv/76K33GCrMLFmzCh7l05dh99YBxcyx+/GxZ9nEK9VjusOO/c8WYniDT8TqR/+jE3wvnO5w6yFau1mkjb5Rg7f60BC39F2pKkdTlzlnAw/7L3DhWVw3msHN9M623qlwBeEFHD0Fc+8skXTIIwVRryks96SQ+hJygYZYar1IuOCeRYlwr2wQu2laCYpAhb10gSCZ2j6k4Kk9WNrw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=colostate.edu; dmarc=pass action=none header.from=colostate.edu; dkim=pass header.d=colostate.edu; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=colostate.edu;
Received: from CH3PR07MB9937.namprd07.prod.outlook.com (2603:10b6:610:1bc::17) by MW4PR07MB9543.namprd07.prod.outlook.com (2603:10b6:303:22d::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.47; Thu, 3 Aug 2023 13:44:55 +0000
Received: from CH3PR07MB9937.namprd07.prod.outlook.com ([fe80::f1c3:55ae:c41d:dca9]) by CH3PR07MB9937.namprd07.prod.outlook.com ([fe80::f1c3:55ae:c41d:dca9%3]) with mapi id 15.20.6652.020; Thu, 3 Aug 2023 13:44:55 +0000
Content-Type: multipart/mixed; boundary="------------zRSChWuZET9lPVpO59qMqX0Y"
Message-ID: <5083db3e-a36b-69ca-300b-5d250a5c6a48@colostate.edu>
Date: Thu, 03 Aug 2023 07:44:44 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.13.0
Content-Language: en-US
To: pearg@irtf.org
From: Craig Partridge <craig.partridge@colostate.edu>
X-ClientProxiedBy: CH0PR03CA0436.namprd03.prod.outlook.com (2603:10b6:610:10e::33) To CH3PR07MB9937.namprd07.prod.outlook.com (2603:10b6:610:1bc::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH3PR07MB9937:EE_|MW4PR07MB9543:EE_
X-MS-Office365-Filtering-Correlation-Id: b52fa1b7-a977-4302-7f12-08db9427cd8a
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: BOx3jPHVVCOQRMwhyJv/HzMy9X505ZVE59c9+FaljPLg6QwoKUTFmDy3DpdzQ9fSxGw0CDmBhkHBsHfmqcXy4iCLtW2AelZ1u9RjmhUOc+bcoW9NazEW5gzLUgIvRBjgKOeNwSqOn1oS33jLT1NbuPbhNwaKQKXu+z+h3HdtVwslaqpSxwiCGTsjhvskFlngxTF8DSrdrNyKt7Y59d09+wehC7PaR8dqgpA7p3ZIYW4Ff5lzk6WDbydK+S3WjLGt21I3Qfv1+YgY2J2UaRPTifZMP8m/cdntgA8NKL9H/8xygn1S6wRpPgBTz6T1tgQUn+dMlucdGBcd6DFswMemGE67rRaR4xcIagtfUe0DKsTPaizxCqq6yJ6RJG98cZhc60FjgJoltOW/xz8eCPhCaxj8ETtlebsdqNq+QgMJXpNZdwrjhj3i1oqvH2lMLVKdE/aXX83qsRkK8rjagmn4Rzp37BAXekxMNpgZN5btP1GZV+vvqUb9xESoJVu7U7mjptqTu4r4tABJNnglsp2DFZW6M01fLw29/2/0ucqwU5BbTXXSS3G1102bod6o3jyjDrqoK7qUS8nubH5BwX80cA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH3PR07MB9937.namprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(366004)(136003)(346002)(376002)(396003)(451199021)(31686004)(66899021)(44832011)(5660300002)(28085005)(8936002)(235185007)(8676002)(41300700001)(66946007)(66476007)(6916009)(75432002)(786003)(66556008)(316002)(2906002)(33964004)(6486002)(6666004)(6512007)(478600001)(21480400003)(38100700002)(83380400001)(31696002)(2616005)(26005)(6506007)(86362001)(36756003)(186003)(43740500002)(45980500001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 6C6yDL97RE+cymIcgjFOBKx3hkfpPFFunXUzQCKMTgc7nou/lTj9sWHKQSdw8l3ifI12XBuv2MnJOaplto/CWBhg7UXbBu2qK58KIttCxzBO6zndvj2um4xwcBQgZ73UD/0jCMmgZxF3SoY+lrjnhBH1GgqVTwKg8LLfWN6woeBxXCXx0N7EEXtdmbIYeGtdc0WPlDchQofUOjT7s+ZEhWA2iMP8xpIFT1/BannWcuww7YHpap+B6jFIDFD+l+k3UE/XU2V+68yfP/urFmESCtuMwfX52t9axvYTWLe2DLrDk+0A2LVPpZz/hs1JWRrc476vM8LjkbELsxwEc8TYtkUVtyaPZi8tpStX1KUVMZKVxNOoZZYEMTuYBrFjGy5afXiIHxkJvv9wNlnxCAljBw63xSVO5GgqLja+HzNgvxpOWhy8gnqmNHM4EwMFXWX0v0BrxalwZMCX3x3HOsrQxWrN3kKfv2gdUrRsCHZFQm3FQsMe3GyMKs+hlbDpc2FHyhEJuwwjaEuyskZNQHff09L8Ks5BF6MZvaeqAd8dped7uNqURG6RkuAhaLpnVq27SW/xIQaFhOYbMYbiN2wu7+6rcIHiqu8YQiz14KGr5lclz81m6mTgvT49Xra9irEAZzWknuuOmY2pRBPbRVy+QP9aOnxG2qcyvbLxy9WSdehqe4DLvqbjm0gH9bexkezcK2Hgt/EULxKrs728j9firIAajN/3qSxqMUmk671ElMdtKJAe9LFC+JNjxNRNVY1s+jVTxEOcp0HZqBOg2pBYngnIcxA8DM4nHYWwm9a+qiUUJQoclRongcBl2pRXRUs9PHCUGM65DdEpw8oAtvfAt6Yj1SRW2YFAG0EMByE21+YJ2Fj5kHlgOTQaRwcaToxunPTorGONGbodDJsOrbuBZVC/g7oh+Pzs5JkPZQBrI3pxzIv1XDwpVZnNbMVaisYoBretJ0/UXoZ5LczW/I93K/0R2GgrkfXFQ2D7iQWV5Jit5R9nJWFfM7dgvArcOJv+1eyH/e9vec3v0QVAzWNeTbei9Hdbfk+sxsjXRATfnYw5QntKHb6UOmkeWWmdYSB2m5J2XxOnkpkTR5uLDDR4/H+Ln0PPyaJKczJBUfzNtKq6cdmiDPc6HA7uxHOaJ2/UYElgUjd+EEFmH27uOdgvvvmPFEd6KZidhqnV71Q99VDhZ7aQtd485/LzDLvnfQQvXkqsIi5WPDbd1dQ1p01NpmofhWVHpzFnA7+LNChK5P6tofP68R7HoqtNu2OIJgnygWHjBND+43p0Ong8O0doNQT3BwzMEcqlG1/U66MbUzFLk2xMEfoD/f2cH0NUzvw5WcLVz8jG9X65rpVTQ5d/9iIKCDE4I2i1RE0wLwbC3rPlVPF09y27zn57RDw6O+6ctIu5+HpNcfZXjznDf5tvSLj3j/LY2liFrVsHJcf/PI5jfc7QOZprmtkwMs2pfXojZ2LVd4BBprj4EpV8KD0axVLIbSSTpN5KmHbtJdvmyqdDS2BShdYMCxEGUAwXN6G0xSkoA8477N1FdRsM9sVzRAtWgt0ClKPD7ch1GnLrX/+jU5F/GSWkm/SXzBaBWSMlQAMFGO2uVF/7MAkr39k6gA==
X-OriginatorOrg: colostate.edu
X-MS-Exchange-CrossTenant-Network-Message-Id: b52fa1b7-a977-4302-7f12-08db9427cd8a
X-MS-Exchange-CrossTenant-AuthSource: CH3PR07MB9937.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2023 13:44:54.8478 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: afb58802-ff7a-4bb1-ab21-367ff2ecfc8b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: y5SnxUfpC7IGNKt5BIqgA2QoY2aks7EA+QjqaTlPgUnfwOhEo8FO4SYQUCYtJbbU4hwX78tuW44U4qPLYNXcnQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR07MB9543
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/ikOpAWyKqRhgxUUFHUDu9IHBxD4>
X-Mailman-Approved-At: Thu, 10 Aug 2023 01:48:00 -0700
Subject: [Pearg] comments on draft-irtf-pearg-safe-internet-measurement-08
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2023 13:46:04 -0000
An IRTFer reached out and asked me if I'd comment on this draft, given Mark Allman and I wrote a paper for Communications of the ACM several years ago on this topic (copy attached). It is a useful draft. I see a few gaps in it. First, it does not deal with sharing of measurement data. Sharing of data sets (or making them available to reviewers) is increasingly expected. Ensuring that the data is protected and that users whose information may be in the data set (even unknowingly -- we note that timing analyses have gotten better over time, so data you thought was OK, can be used to harvest unexpected information) are protected is important. One needs to be clear (and if the draft says this and I missed it, my bad) researcher sharing the data is responsible for thinking about such questions and ensuring safety would help. Second, some of the information the draft suggests removing may make it harder for third parties to audit data and I believe we need to think more carefully about that question. Second, a lot of the concerns about active measurement center around implied consent. A number of thoughtful observers felt that efforts in the mid-2010s to understand censorship systems placed unknown individuals at risk (the experiments involved trying to send forbidden information to random IP addresses within the censored space -- with no knowledge of where those IP addresses were [e.g. someone's laptop] and thus the possibility that an individual would be flagged by the censorship system as a possible consumer of forbidden information). I think the community still lacks a consensus, but perhaps a good starting point is that implied consent is not acceptable for active measurements that may cause harm to individuals. This allows active measurement of infrastructure (web servers, etc.) but prohibits sending active measurements to individual's devices (laptop, phone, smart watch, etc.). This would conform with Kantian edicts not to use a person for your ends without their consent. Third, it does not deal with using data previously collected by others using questionable techniques. (This relates to the first point). I note that, again, the larger community does not agree on this topic. (The medical community still uses data taken in concentration camps in the 1940s). But, at minimum, a recommendation to disclose that the data set is a subject of ethical concern makes sense. I would also emphasize that a lot of these rules are starting points. A thoughtful experimental protocol, reviewed by others, may find better answers that enable certain important experiments. Hoping this is useful, Craig -- ************ Professor Craig Partridge Colorado State University
- [Pearg] comments on draft-irtf-pearg-safe-interne… Craig Partridge
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Mallory Knodel
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Vittorio Bertola
- Re: [Pearg] comments on draft-irtf-pearg-safe-int… Craig Partridge