Re: [perpass] politics and the ietf
Harry Halpin <hhalpin@w3.org> Thu, 05 December 2013 13:47 UTC
Return-Path: <hhalpin@w3.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 381E71ADFE2 for <perpass@ietfa.amsl.com>; Thu, 5 Dec 2013 05:47:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYut5W5NjCJl for <perpass@ietfa.amsl.com>; Thu, 5 Dec 2013 05:47:02 -0800 (PST)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by ietfa.amsl.com (Postfix) with ESMTP id 34C441ADF99 for <perpass@ietf.org>; Thu, 5 Dec 2013 05:46:58 -0800 (PST)
Received: from 155.210.19.93.rev.sfr.net ([93.19.210.155] helo=[192.168.1.93]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <hhalpin@w3.org>) id 1VoZGV-0000dP-7D; Thu, 05 Dec 2013 08:46:51 -0500
Message-ID: <52A083C2.3030405@w3.org>
Date: Thu, 05 Dec 2013 14:46:42 +0100
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Robin Wilton <wilton@isoc.org>, Elijah Sparrow <elijah@bitmask.net>
References: <20131205072546.2740.2142915422.0@crow> <F979A3D1-0084-4DDF-8E16-9F063BE0295F@isoc.org> <529F8F94.3020506@gmx.net>
In-Reply-To: <529F8F94.3020506@gmx.net>
Content-Type: multipart/alternative; boundary="------------040803070708010608090505"
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] politics and the ietf
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2013 13:47:07 -0000
On 12/04/2013 09:24 PM, Hannes Tschofenig wrote: > Robin, Elijah, > > I am always curious how one manages to make a clear distinction > between political decisions, technical decisions, economical > decisions, and other decisions. Political decisions have to deal with sovereignty: Who makes binding decisions. I think what has escaped lots of folks in Internet governance is that now the Internet is at the centre of rather important political struggles over decision-making. The problem is "who" is making these decisions. Right now, for standards it's an open multi-stakeholder process that at least we who are involved in places like the IETF believes make technical decisions, but these decisions only have binding force insofar as they provide enough economic advantage that vendors implement them uniformly. However, we should never forget that the very process of making decisions means that standards bodies are *always* political in this large sense of making decisions. After all, it is very possible that some vendors and countries can go away and make their own decisions without the traditional Internet open and voluntary standards bodies, and bind their new technologies via the threat of coercive violence. While we have name-calling on IETF mailing lists, I'm not aware of coercive violence anywhere. I'm hoping we can bear the responsibility of creating an Internet free of pervasive surveillance. And we should be aware that even if we are successful in this, other pre-Internet political bodies ranging from nation-states to vendors will try to strip out whatever safeguards we try to put in in order to continue the value they gain from surveillance. A conflict between different bodies, each with its own plans for the future and its own overlapping sphere of decision-making, is self-evidently a political struggle. > > The perception that "in the early days of the Internet" the decisions > were purely technical as too simplistic. If you look at specific > decisions of individuals in the IETF it is hard to put them into > specific categories. Even if you believe you see a purely technical > decision it may have economical implications, or at some time > interfere with other design goals. Take the HTTP state management work > as an example. The introduction of cookies was a technical mechanism > to keep state for the otherwise mostly stateless HTTP protocol. As we > now know, the way how cookies have been used later by various Web > companies lead to privacy concerns. This lead to the famous technical > work on Do Not Track, which has technical components, business > implications, and raises legal questions. In the "early days" of the Internet, to my knowlege, the Internet was more of a research project amongst co-operative researchers at places like MIT, SRI, and CERN with the Web so security and privacy concerns were minimal at best. I'm not sure what else can explain early RFCs :) Obviously this has changed, and now folks have to retro-fit these security on top the system. > > I wouldn't call the discussions on the list necessarily as "political" > but rather non-actionable statements. Here is what I mean by that. > > Some of us try to take specific actions and that requires that you > identify who needs to do what. There are things the IETF can do, but > there are other communities as well. I tried to explain a simplified > version of the Internet protocol development process in > http://www.ietf.org/id/draft-tschofenig-perpass-surveillance-01.txt. > As you can see different communities deal with different type of > security vulnerabilities. Security problems are not a new thing - just > check the OWASP top-10 security vulnerabilities of the last couple of > years. These vulnerabilities are obviously be exploited by various > folks (state actors, criminals, script kiddies, researchers, > enterprise network administrators, etc.). A software that is > vulnerable to, let's say, an SQL injection vulnerability is > unfortunately not kind enough to take the motives, the organization, > the hair colour, etc. of the attacker into account. > > Of course it would be possible to could come up with suggestions for > other communities. But you have to start somewhere first. I don't see > it as my task, for example, to tell the European Commission, the > European Parliament, or the Council what they should be doing. I doubt > that the IETF community would be interested in producing such > recommendations. I think they'd want to create broad mandates based on policy decisions (hopefully made with consent or even involvement of general population) that then are respected by the details of technical standards bodies. Of course, that's not usually how it works in practice with governments, who tend to either overspecify technical details or do not actually represent the consent of their population in any meaningful sense of the term. > > For everyone on the list who believes that regulators should take some > actions then they should just approach them. It is just lame to say > that others should do some work without even providing enough detail > about what they should be doing. > > Ciao > Hannes > > PS: I dislike the use of the term "politics", "policy makers", and > alike. It just hides what you are really trying to say. Use other, > more specific terms instead. For example, if you believe there is an > action required by regulators then say "regulator". If you mean that > the job is with enforcement agencies then say that. In general, regulators are at the bequest of their government, who at the present moment is often in thrall of lobbies that prevent anything resembling effective regulation. There are political processes that do not have regulatory power per se but have the power to nonetheless mobilize actors (thinking ACTA/SOPA protests) that have the ability to change the decisions of sovereign bodies. So I don't think "politics" is the wrong word or empty word. Hopefully the IETF - with the help of ISOC of course - and others can continue to interface open, meritocratic political Internet processes with traditional per-Internet political actors. cheers, harry > > On 12/05/2013 09:55 AM, Robin Wilton wrote: >> Thanks Elijah, this is a very useful perspective on the whole question of technologists' role - especially when the technology in question is so woven into our political, economic and personal lives. >> >> As you say, much of the work of the IETF has an inescapably political dimension - whether we choose to acknowledge that ourselves, or have it thrust upon us (Dual_EC_DRBG being a case in point). >> >> I apologise for re-using a well-worn phrase, but I think this reinforces the argument in favour of an open, multi-stakeholder process. That doesn't mean forcing economists and policymakers into the drafting sessions for RFCs, but it does mean creating a process that can take their (and others') input into account - and being able to articulate what we do in terms that make sense to other stakeholders. >> >> That approach isn't a guarantee against 'bad actors' exploiting the open nature of the process for their own ends, but compared to alternative ways of architecting and governing the Internet, it offers the best prospects of detecting and mitigating that kind of harm. >> >> Best wishes, >> >> Robin >> >> >> >> Robin Wilton >> >> Technical Outreach Director - Identity and Privacy >> >> On 5 Dec 2013, at 07:25, Elijah Sparrow<elijah@bitmask.net> wrote: >> >>> As an outsider to the IETF, and one-time sociologist, I found the repeated calls in Vancouver 88 and on this list for decisions to be made based solely on technical merit and not political argument to be extremely fascinating. >>> >>> There was once a time when the design of a protocol or standard could be done in a manner that benefited nearly everyone who might be touched by it. These days are surely past. Nearly every single debate or question that has come up on this list is deeply political, if for no other reason than whatever decisions are made will create winners and losers, people who benefit from the choice and people who are harmed by the choice. >>> >>> In the sweep of history, information capitalism has come to a moment of truth, where the material infrastructure that the IETF and technologists the world around have helped to create has now matured into both an economic engine and a state intelligence system based on mass surveillance. Perhaps the most distinguishing political debate of our time is how the power of the state and of business with respect to citizens and customers has been radically transformed under this new regime of ubiquitous surveillance. Obviously, I feel a particular way about this, but I am just stating the obvious: these issues are deeply political because the fragile balance of powers in liberal democracy and in our capitalist economies have been inexorably rocked by technological changes. >>> >>> In this context, the question of "how much encryption" is a technical question that is also deeply intertwined with the major political debates of our day. One only has to note the major headlines around the world about the ietf calls for encryption in http 2.0. How often have ietf meetings garnered such global coverage? >>> >>> Scientists and engineers are often forced into political arenas without their desire or foresight. Take, for example, the history of genomics, climate change, or nuclear physics. Historically, the scientists and engineers have clung desperately to the cloak of objective science, even as their work took on increasingly obvious political ramifications. My hope for the internet is that we could perhaps bypass such silliness and embrace the obvious political nature of our work. Being honest with ourselves does not push anyone toward any particular technical or political stance, except that perhaps we can be more transparent in our justifications. >>> >>> In the immortal words of Voltaire, and Spiderman, with great power comes great responsibility. >>> >>> -elijah >>> >>> -- >>> I prefer encrypted email -https://bitmask.net/key/elijah. >>> _______________________________________________ >>> perpass mailing list >>> perpass@ietf.org >>> https://www.ietf.org/mailman/listinfo/perpass >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass > > > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass
- Re: [perpass] politics and the ietf SM
- Re: [perpass] politics and the ietf Stephane Bortzmeyer
- [perpass] politics and the ietf Elijah Sparrow
- Re: [perpass] politics and the ietf Robin Wilton
- Re: [perpass] politics and the ietf Hannes Tschofenig
- Re: [perpass] politics and the ietf Ted Lemon
- Re: [perpass] politics and the ietf Harry Halpin
- Re: [perpass] politics and the ietf Phillip Hallam-Baker
- Re: [perpass] politics and the ietf Edward Lopez
- Re: [perpass] politics and the ietf Paul Ferguson
- Re: [perpass] politics and the ietf Elijah Sparrow
- Re: [perpass] politics and the ietf Stephen Kent