From nobody Tue Jan  4 20:46:02 2022
Return-Path: <bobwyman@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id E9FFB3A253B
 for <txauth@ietfa.amsl.com>; Tue,  4 Jan 2022 20:45:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.237
X-Spam-Level: 
X-Spam-Status: No, score=-1.237 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25,
 FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25,
 HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
 header.d=wyman.us
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fa8GInbs-Ke5 for <txauth@ietfa.amsl.com>;
 Tue,  4 Jan 2022 20:45:55 -0800 (PST)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com
 [IPv6:2607:f8b0:4864:20::932])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 23CB33A2539
 for <txauth@ietf.org>; Tue,  4 Jan 2022 20:45:55 -0800 (PST)
Received: by mail-ua1-x932.google.com with SMTP id y4so10160237uad.1
 for <txauth@ietf.org>; Tue, 04 Jan 2022 20:45:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wyman.us; s=google;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=+afeUWCsCAStLGPv7p+DjZrFa3EkC6PnOj8sWFqfKM8=;
 b=QKCfCgZGFQViMOd0WE5QO24wAALhbKXFu/1TXmoxA4auBI25v99trNgmitrB91cxVg
 wIVFEAgxUuIWsqWQjJpV5ij7/68sAcYDGhx54m5rPa8Rmt/pro0kLvu4X/G5IASZzlnA
 UCLqoUUiEuShM/qBxS6Ih5dwNWs03znS/QRtU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=+afeUWCsCAStLGPv7p+DjZrFa3EkC6PnOj8sWFqfKM8=;
 b=c9i/xpgJuxr9g2yXLYD0HjdnoFfHdbTgQZjdqHp3Jo01OiwXuw2GDT9aoBpFk/6XEe
 wa8Q30XWFE2UrHwjVsohXv3oQ0PfyldBm9AXnfYAzkEYxYMoaEtgX8CQWbGBaQ66Q6EX
 Xc+K4S6HDClV73yZ1bGoYHYYjuAW27NWtV8nN5Ku8AU9+kidpSKODVgwjIMbQ72mGcjY
 mJFicL4YJcC5Q/fYS5Kunuu9qUfKY5I941pqpEJe44gIE9QET2R02wToebDwNajYsZ69
 qmlj5pZT6IoX4jt3GxjMWmsfToizAiAvLj5vhyFCtCtZwTUC1GajbFISFf3bbKVTnQT2
 1BAw==
X-Gm-Message-State: AOAM5319vKtqG4hwNFtnrjkcIebHxkMG/irINKFfjo9c6txGCeZRW+wi
 feedKj2l93UAhiCPTWAbRXunobS31DP3/fxbQrc=
X-Google-Smtp-Source: ABdhPJzMRKGyPzwFY1h1dx46Qs3AT+cTA5k2caRwkMKseGtR6imQr4lnTN5MMvXWfjd7s2l+Guzb1sQ358TPT9M13J0=
X-Received: by 2002:a67:d019:: with SMTP id r25mr16027256vsi.84.1641357953414; 
 Tue, 04 Jan 2022 20:45:53 -0800 (PST)
MIME-Version: 1.0
References: <CANYRo8i=H3p23boH4OQ6sCXds8ADqaizwDHebE6-xMP2mZ5QEg@mail.gmail.com>
In-Reply-To: <CANYRo8i=H3p23boH4OQ6sCXds8ADqaizwDHebE6-xMP2mZ5QEg@mail.gmail.com>
From: Bob Wyman <bob@wyman.us>
Date: Tue, 4 Jan 2022 23:45:42 -0500
Message-ID: <CAA1s49VWs_Qe9qryJOwWG4oHTS6Wa-6p6jAVSDT6Vqn4cwdUwQ@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: GNAP Mailing List <txauth@ietf.org>, 
 W3C Credentials Community Group <public-credentials@w3.org>
Content-Type: multipart/alternative; boundary="000000000000c338ed05d4ce6d9f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/y4SSkraOHsnNLoPtjxw0c2KvN8s>
Subject: Re: [GNAP] Human rights perspective on W3C and IETF protocol
 interaction
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>,
 <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>,
 <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2022 04:46:00 -0000

--000000000000c338ed05d4ce6d9f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Adrian,
Given that you're starting a new thread, I would appreciate it if you could
do some context setting and clarifying:

   - *What do you mean by "Human Rights?" *Hopefully, you won't consider
   that a foolish question. The issue is, of course, that since Internet
   standards are developed in a multicultural, multinational context, it is=
n't
   obvious, without reference to some external authority, what a
   standards group should classify as a human right. Different cultures and
   governments tend to differ on this subject... As far as I know, the "bes=
t"
   source of what might be considered a broad consensus definition of human
   rights is found in the UN's 1948 Universal Declaration of Human Rights
   <https://www.un.org/en/about-us/universal-declaration-of-human-rights>
    (UDHR).
      - Does the UDHR contain the full set of rights that you think should
      be addressed by standards groups? If not, are there additional
rights that
      you think should be considered?
      - In his document, Human Rights Are Not a Bug
      <https://www.fordfoundation.org/work/learning/research-reports/human-=
rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/>,
      Niels ten Oever refers to the UN Guiding Principles for Business and
      Human Rights
      <https://www.ohchr.org/documents/publications/guidingprinciplesbusine=
sshr_en.pdf>,
      which adds to the rights enumerated in the UDHR a number of additiona=
l
      rights described in the International Labour Organization=E2=80=99s D=
eclaration
      on Fundamental Principles and Rights at Work
      <https://www.ilo.org/declaration/lang--en/index.htm>. Given that you
      appear to endorse ten Oever's report, do you also propose the
same combined
      set of rights? (ie. UDHR + ILO DFPRW?)
      - Some have argued that the Internet introduces a need to recognize
      rights that have not yet been enumerated either in the UDHR or
in any other
      broadly accepted documents. If this is the case, how is a standards g=
roup
      to determine what set of rights they must respect?
   - *What specific aspects of the issues being addressed by this community
   group give rise to human rights issues?* Also, if you accept that one or
   some number of documents contain a useful list of such rights, can you
   identify which specific, enumerated rights are at risk? (e.g. if the UDH=
R
   is the foundation text, then I assume privacy issues would probably be
   considered in the context of the UDHR's Article 12
   <https://www.un.org/en/about-us/universal-declaration-of-human-rights#:~=
:text=3DArticle%2012,interference%20or%20attacks.>
   .)
   - *Are you suggesting that this group should formally address the issue
   of rights*, with some sort of process, or just that we should be aware
   of the issues?
      - ten Oever suggests that "Those who design, standardize, and
      maintain the infrastructure on which we run our information societies=
,
      should assess their actions, processes, and technologies on
their societal
      impact." You apparently agree. Can you say how this should be done?
      - The UN Guiding Principles for Business and Human Rights describe a
      number of procedural steps that should be taken by either governments=
 or
      corporations. Are you aware of a similar procedural description
that would
      apply to standards groups?
      - I think it was in the video that it was suggested that, in
      Internet standards documents, "a section on human rights consideratio=
ns
      should become as normal as one on security considerations." Do you ag=
ree?
      If so, can you suggest how such a section would be written?

bob wyman


On Tue, Jan 4, 2022 at 9:05 PM Adrian Gropper <agropper@healthurl.com>
wrote:

> This is a new thread for a new year to inspire deeper cooperation between
> W3C and IETF. This is relevant to our formal objection issues in W3C DID =
as
> well as the harmonization of IETF SECEVENT DIDs and GNAP with ongoing
> protocol work in W3C and DIF.
>
> The Ford Foundation paper attached provides the references. However, this
> thread should not be about governance philosophy but rather a focus on
> human rights as a design principle as we all work on protocols that will
> drive adoption of W3C VCs and DIDs at Internet scale.
>
> https://redecentralize.org/redigest/2021/08/ says:
>
> *Human rights are not a bug*
>> Decisions made by engineers in internet standards bodies (such as IETF
>> <https://www.ietf.org/> and W3C <https://www.w3.org/>) have a large
>> influence on internet technology, which in turn influences people=E2=80=
=99s lives =E2=80=94
>> people whose needs may or may not have been taken into account. In the
>> report Human Rights Are Not a Bug
>> <https://www.fordfoundation.org/work/learning/research-reports/human-rig=
hts-are-not-a-bug-upgrading-governance-for-an-equitable-internet/>
>>  (see also its launch event
>> <https://www.youtube.com/embed/qyYETzXJqmc?rel=3D0&iv_load_policy=3D3&mo=
destbranding=3D1&autoplay=3D1>),
>> Niels ten Oever asks *=E2=80=9Chow internet governance processes could b=
e
>> updated to deeply embed the public interest in governance decisions and =
in
>> decision-making culture=E2=80=9D*.
>> =E2=80=9CInternet governance organizations maintain a distinct governanc=
e
>> philosophy: to be consensus-driven and resistant to centralized
>> institutional authority over the internet. But these fundamental values
>> have limitations that leave the public interest dangerously neglected in
>> governance processes. In this consensus culture, the lack of institution=
al
>> authority grants disproportionate power to the dominant corporate
>> participants. While the governance bodies are open to non-industry membe=
rs,
>> they are essentially forums for voluntary industry self-regulation. Voic=
es
>> advocating for the public interest are at best limited and at worst abse=
nt.=E2=80=9D
>> The report describes how standards bodies, IETF in particular, focus
>> narrowly on facilitating interconnection between systems, so that *=E2=
=80=9Cmany
>> rights-related topics such as privacy, free expression or exclusion are
>> deemed =E2=80=9Ctoo political=E2=80=9D=E2=80=9D*; this came hand in hand=
 with the culture of
>> techno-optimism:
>> =E2=80=9CThere was a deeply entrenched assumption that the internet is a=
n engine
>> for good=E2=80=94that interconnection and rough consensus naturally prom=
ote
>> democratization and that the open, distributed design of the network can=
 by
>> itself limit the concentration of power into oligopolies.
>> This has not proved to be the case.=E2=80=9D
>> To improve internet governance, the report recommends involving all
>> stakeholders in decision procedures, and adopting human rights impact
>> assessments (a section on *human rights considerations* should become as
>> normal as one on *security considerations*).
>> The report only briefly touches what seems an important point: that
>> existing governance bodies may become altogether irrelevant as both tech
>> giants and governments move on without them:
>> =E2=80=9CTransnational corporations and governments have the power to dr=
ive
>> internet infrastructure without the existing governance bodies, through =
new
>> technologies that set de facto standards and laws that govern =E2=80=9Ca=
t=E2=80=9D the
>> internet not =E2=80=9Cwith=E2=80=9D it.=E2=80=9D
>> How much would having more diverse stakeholders around the table help,
>> when ultimately Google decides whether and how a standard will be
>> implemented, or founds a =E2=80=98more effective=E2=80=99 standardisatio=
n body instead?
>
>
> Our work over the next few months is unbelievably important,
>
> - Adrian
>

--000000000000c338ed05d4ce6d9f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-size:small">Adr=
ian,</div><div class=3D"gmail_default" style=3D"font-size:small">Given that=
 you&#39;re starting a new thread, I would appreciate it if you could do so=
me context setting and clarifying:</div><div class=3D"gmail_default" style=
=3D"font-size:small"><ul><li><b>What do you mean by &quot;Human Rights?&quo=
t; </b>Hopefully, you won&#39;t consider that a foolish question. The issue=
 is, of course, that since Internet standards are developed in a multicultu=
ral, multinational context, it isn&#39;t obvious, without reference to some=
 external authority, what a standards=C2=A0group should classify as a human=
 right. Different cultures and governments tend to differ on this subject..=
. As far as I know, the &quot;best&quot; source of what might be considered=
 a broad consensus definition of human rights is found in the UN&#39;s 1948=
=C2=A0<a href=3D"https://www.un.org/en/about-us/universal-declaration-of-hu=
man-rights">Universal Declaration of Human Rights</a>=C2=A0(UDHR).=C2=A0</l=
i><ul><li>Does the UDHR contain the full set of rights that you think shoul=
d be addressed by standards groups? If not, are there additional rights tha=
t you think should be considered?=C2=A0</li><li>In his document, <a href=3D=
"https://www.fordfoundation.org/work/learning/research-reports/human-rights=
-are-not-a-bug-upgrading-governance-for-an-equitable-internet/">Human Right=
s Are Not a Bug</a>, Niels ten Oever refers to the=C2=A0<a href=3D"https://=
www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf">UN=
 Guiding Principles for Business and Human Rights</a>, which adds to the ri=
ghts enumerated in the UDHR a number of additional rights described in the =
International Labour Organization=E2=80=99s <a href=3D"https://www.ilo.org/=
declaration/lang--en/index.htm">Declaration on Fundamental Principles and R=
ights at Work</a>. Given that you appear to endorse ten Oever&#39;s=C2=A0re=
port, do you also propose the=C2=A0same combined set of rights? (ie. UDHR=
=C2=A0+ ILO DFPRW?)</li><li>Some have argued that the Internet introduces a=
 need to recognize rights that have not yet been enumerated either in the U=
DHR or in any other broadly accepted documents. If this is the case, how is=
 a standards group to determine what=C2=A0set of rights they must respect?<=
/li></ul><li><b>What specific aspects of the issues being addressed by this=
 community group give rise to human rights issues?</b>=C2=A0Also, if you ac=
cept that one or some number of documents contain a useful list of such rig=
hts, can you identify which specific, enumerated rights are at risk? (e.g. =
if the UDHR is the foundation text, then I assume privacy issues would prob=
ably be considered in the context of the UDHR&#39;s=C2=A0<a href=3D"https:/=
/www.un.org/en/about-us/universal-declaration-of-human-rights#:~:text=3DArt=
icle%2012,interference%20or%20attacks.">Article 12</a>.)</li><li><b>Are you=
 suggesting that this group should formally address the issue of rights</b>=
, with some sort of process, or just that we should be aware of the issues?=
</li><ul><li>ten Oever suggests that &quot;Those who design, standardize, a=
nd maintain the infrastructure on which we run our information societies, s=
hould assess their actions, processes, and technologies on their societal i=
mpact.&quot; You apparently agree. Can you say how this should be done?</li=
><li>The UN Guiding Principles for Business and Human Rights describe a num=
ber of procedural steps that should be taken by either governments or corpo=
rations. Are you aware of a similar procedural description that would apply=
 to standards groups?</li><li>I think it was in the video that it was sugge=
sted that, in Internet=C2=A0standards=C2=A0documents, &quot;a section on hu=
man rights considerations should become as normal as one on security consid=
erations.&quot; Do you agree? If so, can you suggest how such a section wou=
ld be written?</li></ul></ul><div>bob wyman</div><div><br></div></div></div=
><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tu=
e, Jan 4, 2022 at 9:05 PM Adrian Gropper &lt;<a href=3D"mailto:agropper@hea=
lthurl.com">agropper@healthurl.com</a>&gt; wrote:<br></div><blockquote clas=
s=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid r=
gb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div>This is a new threa=
d for a new year to inspire deeper cooperation between W3C and IETF. This i=
s relevant to our formal objection issues in W3C DID as well as the harmoni=
zation of IETF SECEVENT DIDs and GNAP with ongoing protocol work in W3C and=
 DIF.</div><div><br></div><div>The Ford Foundation paper attached provides =
the references. However, this thread should not be about governance philoso=
phy but rather a focus on human rights as a design principle as we all work=
 on protocols that will drive adoption of W3C VCs and DIDs at Internet scal=
e.</div><div><br></div><a href=3D"https://redecentralize.org/redigest/2021/=
08/" target=3D"_blank">https://redecentralize.org/redigest/2021/08/</a> say=
s:<br><div><br></div><div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
><b>Human rights are not a bug</b><br>Decisions made by engineers in intern=
et standards bodies (such as<span>=C2=A0</span><a href=3D"https://www.ietf.=
org/" title=3D"Internet Engineering Task Force" style=3D"box-sizing:border-=
box;color:rgb(59,30,204);text-decoration:none rgba(59,30,204,0.4)" target=
=3D"_blank">IETF</a><span>=C2=A0</span>and<span>=C2=A0</span><a href=3D"htt=
ps://www.w3.org/" title=3D"World Wide Web Consortium" style=3D"box-sizing:b=
order-box;color:rgb(59,30,204);text-decoration:none rgba(59,30,204,0.4)" ta=
rget=3D"_blank">W3C</a>) have a large influence on internet technology, whi=
ch in turn influences people=E2=80=99s lives =E2=80=94 people whose needs m=
ay or may not have been taken into account. In the report<span>=C2=A0</span=
><a href=3D"https://www.fordfoundation.org/work/learning/research-reports/h=
uman-rights-are-not-a-bug-upgrading-governance-for-an-equitable-internet/" =
style=3D"box-sizing:border-box;color:rgb(59,30,204);text-decoration:none" t=
arget=3D"_blank">Human Rights Are Not a Bug</a><span>=C2=A0</span>(see also=
 its<span>=C2=A0</span><a href=3D"https://www.youtube.com/embed/qyYETzXJqmc=
?rel=3D0&amp;iv_load_policy=3D3&amp;modestbranding=3D1&amp;autoplay=3D1" st=
yle=3D"box-sizing:border-box;color:rgb(59,30,204);text-decoration:none" tar=
get=3D"_blank">launch event</a>), Niels ten Oever asks<span>=C2=A0</span><e=
m style=3D"box-sizing:border-box">=E2=80=9Chow internet governance processe=
s could be updated to deeply embed the public interest in governance decisi=
ons and in decision-making culture=E2=80=9D</em>.<br>=E2=80=9CInternet gove=
rnance organizations maintain a distinct governance philosophy: to be conse=
nsus-driven and resistant to centralized institutional authority over the i=
nternet. But these fundamental values have limitations that leave the publi=
c interest dangerously neglected in governance processes. In this consensus=
 culture, the lack of institutional authority grants disproportionate power=
 to the dominant corporate participants. While the governance bodies are op=
en to non-industry members, they are essentially forums for voluntary indus=
try self-regulation. Voices advocating for the public interest are at best =
limited and at worst absent.=E2=80=9D<br>The report describes how standards=
 bodies, IETF in particular, focus narrowly on facilitating interconnection=
 between systems, so that<span>=C2=A0</span><em style=3D"box-sizing:border-=
box">=E2=80=9Cmany rights-related topics such as privacy, free expression o=
r exclusion are deemed =E2=80=9Ctoo political=E2=80=9D=E2=80=9D</em>; this =
came hand in hand with the culture of techno-optimism:<br>=E2=80=9CThere wa=
s a deeply entrenched assumption that the internet is an engine for good=E2=
=80=94that interconnection and rough consensus naturally promote democratiz=
ation and that the open, distributed design of the network can by itself li=
mit the concentration of power into oligopolies.<br>This has not proved to =
be the case.=E2=80=9D<br>To improve internet governance, the report recomme=
nds involving all stakeholders in decision procedures, and adopting human r=
ights impact assessments (a section on<span>=C2=A0</span><em style=3D"box-s=
izing:border-box">human rights considerations</em><span>=C2=A0</span>should=
 become as normal as one on<span>=C2=A0</span><em style=3D"box-sizing:borde=
r-box">security considerations</em>).<br>The report only briefly touches wh=
at seems an important point: that existing governance bodies may become alt=
ogether irrelevant as both tech giants and governments move on without them=
:<br>=E2=80=9CTransnational corporations and governments have the power to =
drive internet infrastructure without the existing governance bodies, throu=
gh new technologies that set de facto standards and laws that govern =E2=80=
=9Cat=E2=80=9D the internet not =E2=80=9Cwith=E2=80=9D it.=E2=80=9D<br>How =
much would having more diverse stakeholders around the table help, when ult=
imately Google decides whether and how a standard will be implemented, or f=
ounds a =E2=80=98more effective=E2=80=99 standardisation body instead?</blo=
ckquote><p style=3D"box-sizing:border-box;margin-top:0px;margin-bottom:1rem=
;color:rgb(17,17,17);font-family:Lato,Verdana,Roboto,Arial,sans-serif"><br>=
</p><p style=3D"box-sizing:border-box;margin-top:0px;margin-bottom:1rem;col=
or:rgb(17,17,17);font-family:Lato,Verdana,Roboto,Arial,sans-serif">Our work=
 over the next few months is unbelievably important,</p><p style=3D"box-siz=
ing:border-box;margin-top:0px;margin-bottom:1rem;color:rgb(17,17,17);font-f=
amily:Lato,Verdana,Roboto,Arial,sans-serif">- Adrian</p></div></div>
</blockquote></div>

--000000000000c338ed05d4ce6d9f--

