Re: [perpass] politics and the ietf

Hannes Tschofenig <> Thu, 05 December 2013 10:53 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 473FA1ADF34 for <>; Thu, 5 Dec 2013 02:53:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.851
X-Spam-Status: No, score=-0.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uJqryeCYIJK7 for <>; Thu, 5 Dec 2013 02:53:45 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 0E4F21ADF22 for <>; Thu, 5 Dec 2013 02:53:45 -0800 (PST)
Received: from [] ([]) by (mrgmx001) with ESMTPSA (Nemesis) id 0MGAdz-1Vm4F11OOF-00FAlR for <>; Thu, 05 Dec 2013 11:53:41 +0100
Message-ID: <>
Date: Wed, 04 Dec 2013 20:24:52 +0000
From: Hannes Tschofenig <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: Robin Wilton <>, Elijah Sparrow <>
References: <20131205072546.2740.2142915422.0@crow> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------030901050204020807080902"
X-Provags-ID: V03:K0:Iho1e0g8qPBRH2V27y1E0Ig+VGQt5WkNa8bzMXbsnDajf4H880W CvYByRP6RI0UcUHVV/bhKpdHswBi3lRAeSnn9UbirraV+XXdz5/Un55gPavzmgIB4WLDAHS rA25YwEqb5iDpo5l6j0wPOdBnDmmTa713/nycLnw1x+jWcj/hgJeyATFlQA0hg+kiVnmqOP GS7AFJGrqsVmEwEjkeqNQ==
Cc: "" <>
Subject: Re: [perpass] politics and the ietf
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Dec 2013 10:53:48 -0000

Robin, Elijah,

I am always curious how one manages to make a clear distinction between
political decisions, technical decisions, economical decisions, and
other decisions.

The perception that "in the early days of the Internet" the decisions
were purely technical as too simplistic. If you look at specific
decisions of individuals in the IETF it is hard to put them into
specific categories. Even if you believe you see a purely technical
decision it may have economical implications, or at some time interfere
with other design goals. Take the HTTP state management work as an
example. The introduction of cookies was a technical mechanism to keep
state for the otherwise mostly stateless HTTP protocol. As we now know,
the way how cookies have been used later by various Web companies lead
to privacy concerns. This lead to the famous technical work on Do Not
Track, which has technical components, business implications, and raises
legal questions. 

I wouldn't call the discussions on the list necessarily as "political"
but rather non-actionable statements. Here is what I mean by that.

Some of us try to take specific actions and that requires that you
identify who needs to do what. There are things the IETF can do, but
there are other communities as well. I tried to explain a simplified
version of the Internet protocol development process in As
you can see different communities deal with different type of security
vulnerabilities. Security problems are not a new thing - just check the
OWASP top-10 security vulnerabilities of the last couple of years. These
vulnerabilities are obviously be exploited by various folks (state
actors, criminals, script kiddies, researchers, enterprise network
administrators, etc.). A software that is vulnerable to, let's say, an
SQL injection vulnerability is unfortunately not kind enough to take the
motives, the organization, the hair colour, etc. of the attacker into

Of course it would be possible to could come up with suggestions for
other communities. But you have to start somewhere first. I don't see it
as my task, for example, to tell the European Commission, the European
Parliament, or the Council what they should be doing. I doubt that the
IETF community would be interested in producing such recommendations.

For everyone on the list who believes that regulators should take some
actions then they should just approach them. It is just lame to say that
others should do some work without even providing enough detail about
what they should be doing.


PS: I dislike the use of the term "politics", "policy makers", and
alike. It just hides what you are really trying to say. Use other, more
specific terms instead. For example, if you believe there is an action
required by regulators then say "regulator". If you mean that the job is
with enforcement agencies then say that.

On 12/05/2013 09:55 AM, Robin Wilton wrote:
> Thanks Elijah, this is a very useful perspective on the whole question of technologists' role - especially when the technology in question is so woven into our political, economic and personal lives.
> As you say, much of the work of the IETF has an inescapably political dimension - whether we choose to acknowledge that ourselves, or have it thrust upon us (Dual_EC_DRBG being a case in point). 
> I apologise for re-using a well-worn phrase, but I think this reinforces the argument in favour of an open, multi-stakeholder process. That doesn't mean forcing economists and policymakers into the drafting sessions for RFCs, but it does mean creating a process that can take their (and others') input into account - and being able to articulate what we do in terms that make sense to other stakeholders.
> That approach isn't a guarantee against 'bad actors' exploiting the open nature of the process for their own ends, but compared to alternative ways of architecting and governing the Internet, it offers the best prospects of detecting and mitigating that kind of harm.
> Best wishes,
> Robin
> Robin Wilton
> Technical Outreach Director - Identity and Privacy
> On 5 Dec 2013, at 07:25, Elijah Sparrow <> wrote:
>> As an outsider to the IETF, and one-time sociologist, I found the repeated calls in Vancouver 88 and on this list for decisions to be made based solely on technical merit and not political argument to be extremely fascinating.
>> There was once a time when the design of a protocol or standard could be done in a manner that benefited nearly everyone who might be touched by it. These days are surely past. Nearly every single debate or question that has come up on this list is deeply political, if for no other reason than whatever decisions are made will create winners and losers, people who benefit from the choice and people who are harmed by the choice.
>> In the sweep of history, information capitalism has come to a moment of truth, where the material infrastructure that the IETF and technologists the world around have helped to create has now matured into both an economic engine and a state intelligence system based on mass surveillance. Perhaps the most distinguishing political debate of our time is how the power of the state and of business with respect to citizens and customers has been radically transformed under this new regime of ubiquitous surveillance. Obviously, I feel a particular way about this, but I am just stating the obvious: these issues are deeply political because the fragile balance of powers in liberal democracy and in our capitalist economies have been inexorably rocked by technological changes.
>> In this context, the question of "how much encryption" is a technical question that is also deeply intertwined with the major political debates of our day. One only has to note the major headlines around the world about the ietf calls for encryption in http 2.0. How often have ietf meetings garnered such global coverage?
>> Scientists and engineers are often forced into political arenas without their desire or foresight. Take, for example, the history of genomics, climate change, or nuclear physics. Historically, the scientists and engineers have clung desperately to the cloak of objective science, even as their work took on increasingly obvious political ramifications. My hope for the internet is that we could perhaps bypass such silliness and embrace the obvious political nature of our work. Being honest with ourselves does not push anyone toward any particular technical or political stance, except that perhaps we can be more transparent in our justifications.
>> In the immortal words of Voltaire, and Spiderman, with great power comes great responsibility.
>> -elijah
>> --
>> I prefer encrypted email -
>> _______________________________________________
>> perpass mailing list
> _______________________________________________
> perpass mailing list