Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction

Bob Wyman <> Wed, 05 January 2022 04:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9FFB3A253B for <>; Tue, 4 Jan 2022 20:45:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.237
X-Spam-Status: No, score=-1.237 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fa8GInbs-Ke5 for <>; Tue, 4 Jan 2022 20:45:55 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 23CB33A2539 for <>; Tue, 4 Jan 2022 20:45:55 -0800 (PST)
Received: by with SMTP id y4so10160237uad.1 for <>; Tue, 04 Jan 2022 20:45:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+afeUWCsCAStLGPv7p+DjZrFa3EkC6PnOj8sWFqfKM8=; b=QKCfCgZGFQViMOd0WE5QO24wAALhbKXFu/1TXmoxA4auBI25v99trNgmitrB91cxVg wIVFEAgxUuIWsqWQjJpV5ij7/68sAcYDGhx54m5rPa8Rmt/pro0kLvu4X/G5IASZzlnA UCLqoUUiEuShM/qBxS6Ih5dwNWs03znS/QRtU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+afeUWCsCAStLGPv7p+DjZrFa3EkC6PnOj8sWFqfKM8=; b=c9i/xpgJuxr9g2yXLYD0HjdnoFfHdbTgQZjdqHp3Jo01OiwXuw2GDT9aoBpFk/6XEe wa8Q30XWFE2UrHwjVsohXv3oQ0PfyldBm9AXnfYAzkEYxYMoaEtgX8CQWbGBaQ66Q6EX Xc+K4S6HDClV73yZ1bGoYHYYjuAW27NWtV8nN5Ku8AU9+kidpSKODVgwjIMbQ72mGcjY mJFicL4YJcC5Q/fYS5Kunuu9qUfKY5I941pqpEJe44gIE9QET2R02wToebDwNajYsZ69 qmlj5pZT6IoX4jt3GxjMWmsfToizAiAvLj5vhyFCtCtZwTUC1GajbFISFf3bbKVTnQT2 1BAw==
X-Gm-Message-State: AOAM5319vKtqG4hwNFtnrjkcIebHxkMG/irINKFfjo9c6txGCeZRW+wi feedKj2l93UAhiCPTWAbRXunobS31DP3/fxbQrc=
X-Google-Smtp-Source: ABdhPJzMRKGyPzwFY1h1dx46Qs3AT+cTA5k2caRwkMKseGtR6imQr4lnTN5MMvXWfjd7s2l+Guzb1sQ358TPT9M13J0=
X-Received: by 2002:a67:d019:: with SMTP id r25mr16027256vsi.84.1641357953414; Tue, 04 Jan 2022 20:45:53 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Bob Wyman <>
Date: Tue, 04 Jan 2022 23:45:42 -0500
Message-ID: <>
To: Adrian Gropper <>
Cc: GNAP Mailing List <>, W3C Credentials Community Group <>
Content-Type: multipart/alternative; boundary="000000000000c338ed05d4ce6d9f"
Archived-At: <>
Subject: Re: [GNAP] Human rights perspective on W3C and IETF protocol interaction
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 05 Jan 2022 04:46:00 -0000

Given that you're starting a new thread, I would appreciate it if you could
do some context setting and clarifying:

   - *What do you mean by "Human Rights?" *Hopefully, you won't consider
   that a foolish question. The issue is, of course, that since Internet
   standards are developed in a multicultural, multinational context, it isn't
   obvious, without reference to some external authority, what a
   standards group should classify as a human right. Different cultures and
   governments tend to differ on this subject... As far as I know, the "best"
   source of what might be considered a broad consensus definition of human
   rights is found in the UN's 1948 Universal Declaration of Human Rights
      - Does the UDHR contain the full set of rights that you think should
      be addressed by standards groups? If not, are there additional
rights that
      you think should be considered?
      - In his document, Human Rights Are Not a Bug
      Niels ten Oever refers to the UN Guiding Principles for Business and
      Human Rights
      which adds to the rights enumerated in the UDHR a number of additional
      rights described in the International Labour Organization’s Declaration
      on Fundamental Principles and Rights at Work
      <>. Given that you
      appear to endorse ten Oever's report, do you also propose the
same combined
      set of rights? (ie. UDHR + ILO DFPRW?)
      - Some have argued that the Internet introduces a need to recognize
      rights that have not yet been enumerated either in the UDHR or
in any other
      broadly accepted documents. If this is the case, how is a standards group
      to determine what set of rights they must respect?
   - *What specific aspects of the issues being addressed by this community
   group give rise to human rights issues?* Also, if you accept that one or
   some number of documents contain a useful list of such rights, can you
   identify which specific, enumerated rights are at risk? (e.g. if the UDHR
   is the foundation text, then I assume privacy issues would probably be
   considered in the context of the UDHR's Article 12
   - *Are you suggesting that this group should formally address the issue
   of rights*, with some sort of process, or just that we should be aware
   of the issues?
      - ten Oever suggests that "Those who design, standardize, and
      maintain the infrastructure on which we run our information societies,
      should assess their actions, processes, and technologies on
their societal
      impact." You apparently agree. Can you say how this should be done?
      - The UN Guiding Principles for Business and Human Rights describe a
      number of procedural steps that should be taken by either governments or
      corporations. Are you aware of a similar procedural description
that would
      apply to standards groups?
      - I think it was in the video that it was suggested that, in
      Internet standards documents, "a section on human rights considerations
      should become as normal as one on security considerations." Do you agree?
      If so, can you suggest how such a section would be written?

bob wyman

On Tue, Jan 4, 2022 at 9:05 PM Adrian Gropper <>

> This is a new thread for a new year to inspire deeper cooperation between
> W3C and IETF. This is relevant to our formal objection issues in W3C DID as
> well as the harmonization of IETF SECEVENT DIDs and GNAP with ongoing
> protocol work in W3C and DIF.
> The Ford Foundation paper attached provides the references. However, this
> thread should not be about governance philosophy but rather a focus on
> human rights as a design principle as we all work on protocols that will
> drive adoption of W3C VCs and DIDs at Internet scale.
> says:
> *Human rights are not a bug*
>> Decisions made by engineers in internet standards bodies (such as IETF
>> <> and W3C <>) have a large
>> influence on internet technology, which in turn influences people’s lives —
>> people whose needs may or may not have been taken into account. In the
>> report Human Rights Are Not a Bug
>> <>
>>  (see also its launch event
>> <>),
>> Niels ten Oever asks *“how internet governance processes could be
>> updated to deeply embed the public interest in governance decisions and in
>> decision-making culture”*.
>> “Internet governance organizations maintain a distinct governance
>> philosophy: to be consensus-driven and resistant to centralized
>> institutional authority over the internet. But these fundamental values
>> have limitations that leave the public interest dangerously neglected in
>> governance processes. In this consensus culture, the lack of institutional
>> authority grants disproportionate power to the dominant corporate
>> participants. While the governance bodies are open to non-industry members,
>> they are essentially forums for voluntary industry self-regulation. Voices
>> advocating for the public interest are at best limited and at worst absent.”
>> The report describes how standards bodies, IETF in particular, focus
>> narrowly on facilitating interconnection between systems, so that *“many
>> rights-related topics such as privacy, free expression or exclusion are
>> deemed “too political””*; this came hand in hand with the culture of
>> techno-optimism:
>> “There was a deeply entrenched assumption that the internet is an engine
>> for good—that interconnection and rough consensus naturally promote
>> democratization and that the open, distributed design of the network can by
>> itself limit the concentration of power into oligopolies.
>> This has not proved to be the case.”
>> To improve internet governance, the report recommends involving all
>> stakeholders in decision procedures, and adopting human rights impact
>> assessments (a section on *human rights considerations* should become as
>> normal as one on *security considerations*).
>> The report only briefly touches what seems an important point: that
>> existing governance bodies may become altogether irrelevant as both tech
>> giants and governments move on without them:
>> “Transnational corporations and governments have the power to drive
>> internet infrastructure without the existing governance bodies, through new
>> technologies that set de facto standards and laws that govern “at” the
>> internet not “with” it.”
>> How much would having more diverse stakeholders around the table help,
>> when ultimately Google decides whether and how a standard will be
>> implemented, or founds a ‘more effective’ standardisation body instead?
> Our work over the next few months is unbelievably important,
> - Adrian