Re: [Secdispatch] Open Ethics Transparency Protocol
Eric Rescorla <ekr@rtfm.com> Sat, 12 March 2022 23:55 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 12 Mar 2022 15:54:17 -0800
Message-ID: <CABcZeBNHzjDB9X8HjVJCi8-kNXBcCPOcwTMtdim-oosLc+WYsw@mail.gmail.com>
To: n.lukianets@openethics.ai
Cc: art@ietf.org, IETF SecDispatch <secdispatch@ietf.org>, DISPATCH <dispatch@ietf.org>, hrpc@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/K1hkrmxGAndsRo_C2Tl9q1rP4UE>
Subject: Re: [Secdispatch] Open Ethics Transparency Protocol

Leading with the [SEC]DISPATCH questions, I don't think we should do anything here. I would feel differently if there were a significantly stronger showing of general interest and more evidence that this could be practically achieved.

I had a fair amount of trouble figuring out what this document was trying to achieve. My best understanding is that this is intended to be a machine-readable description of the data processing practices of a given entity. The current document seems to mix several things:

- A mechanism for retrieving these statements via HTTP
- A schema for the contents of these statements
- A log-based transparency system

The details of all of this are fairly thin and I doubt could be implemented interoperably. For instance, here's the section on Immutable storage:

   Both the signature integrity hash and the Disclosure SHOULD be
   stored in the log-centric root database and MAY be mirrored by
   other distributed databases for redundancy and safety.

This doesn't seem to define a specific protocol.

My primary question is whether this is a good idea. I have two primary concerns:

1. Is there real demand for this?
2. Is it going to work.

On the former front, I'd like to hear whether there is a critical mass of sites which would publish this kind of label. AFAICT nobody has jumped in to say so on the thread. That seems like a prerequisite for any IETF activity here.

On the latter piece, the main prior art that I am aware of in attempting to provide machine-readable descriptions of this sort is P3P, and I think it's generally agreed that that didn't work out. It's not clear to me that it's really possible to define a sensible taxonomy of this kind of information processing. The description of what goes in the JSON is quite thin and doesn't seem anywhere near detailed enough to understand the information processing that a given entity performs.

The label generator linked to in this draft has a bunch of multiple choice questions, e.g.,

   [ ] Open Source Code
   [ ] Proprietary Source Code

   Code development and reuse
   Please describe choices made for development and for use of
   existing code libraries.

First, it's not clear why they are mutually exclusive, as I could use both. Second, it seems like nearly all the interesting information is going to be in the freeform portion, which badly undercuts the whole enterprise.

-Ekr

On Mon, Jan 31, 2022 at 8:13 AM <n.lukianets@openethics.ai> wrote:

> Hi everyone,
> Nikita Lukianets from the Open Ethics initiative here.
>
> I've been working on the mechanisms to enable transparency for data collection and data processing practices for autonomous systems and specifically, those powered by machine learning models. Since 2020 I have started to draft a guiding document to reflect ways disclosures could be submitted, verified, and exchanged. Eventually, I would like to see how this work could result in an open standard.
>
> I've chosen IETF as a home for this work as AI-powered applications are becoming ubiquitous. Therefore, we should start looking at them from the internet standard and supply chain perspectives.
> There's an emergent need to bring a legally-agnostic and standardized way to describe these systems from privacy, security, fairness, datasets, and explainability stances.
>
> The idea is simple
> * Following the example of the food (construction, pharma, electrical appliance) industry, we need every application to (voluntary) disclose the "ingredients", e.g. how data is collected and outputs are produced.
> * We need to have a standard way (protocol) to represent each disclosure in human- and machine-readable formats, validate, verify and process them.
> * Complex apps will involve chaining the disclosures for the components involved.
>
> My motivation is to continue the discussion here and get feedback allowing us to iterate on the protocol. I'd like to bring this discussion to a relevant group or/and welcome the creation of the new one, also potentially bringing the conversation to the IETF meeting in Vienna.
>
> Below are the links with more info
>
> Article to bring the context, in plain English
> https://lukianets.medium.com/why-algorithmic-transparency-needs-a-protocol-2b6d5098572f
>
> The IETF I-D
> https://datatracker.ietf.org/doc/draft-lukianets-open-ethics-transparency-protocol/
>
> GitHub repo
> https://github.com/OpenEthicsAI/OETP
>
> Thanks a lot for your help and thoughts
>
> Nikita Lukianets
> Founder, CTO PocketConfidant
> Founder Open Ethics initiative
> Twitter: @nikiluk
> https://fr.linkedin.com/in/nikiluk
> Schedule a 30 min call: https://lukianets.com/meet/
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch