By Guest author

Recently, a lot of thought has been devoted to the issue of human rights and internet protocols.

Internet protocols in this context are not about content. Using email as an example, internet protocols define how your computer or device locates and communicates with your email service and how that email service locates and communicates with other email services. They define how one email service may authenticate another email service. They are not about what you put in your mail. It is about how the technology works.

----------------------------------------------------------------- Support our work - make a recurrent donation! https://edri.org/supporters/ -----------------------------------------------------------------

However, even if protocols are agnostic about what is being communicated, they can sometimes make more data than necessary visible to intermediaries. Any use of the internet requires services to be located. One current area of interest concerns how much information you need to give, and when, to locate another service. As an example, imagine going to a medical appointment. You do not start by asking about how to get to a specific department in the hospital. You start by asking how to get to a particular metro station, and when there, how to get to the hospital – and only within the hospital do you seek directions to the specific department. There is work going on to replicate that style within core internet services. For more information, see the presentation on Domain Name System (DNS) and privacy by Sara Dickinson of Sinodun at Afnic’s Open Day in 2017: https://www.youtube.com/watch?v=gQfjEFZNlLg

The Internet Engineering Task Force (IETF) is the place where internet protocols are defined. It is probably the most important standardisation body regarding the internet. It does not deal with the “whole internet”, though. Its focus is on the Internet Protocol (IP) layer. It does not deal with user interfaces or content. It does not deal with what happens in particular computers or devices. It does not develop the lower layer technologies, such as Bluetooth, WiFi, 5G and the like. But it does define many of the protocols that allow machines and networks to interoperate.

The IETF met in London from 18 to 23 March 2018. There were over 1200 participants. These included people from all the major technology players, EDRi member Article 19, Europol, the US National Security Agency (NSA), and more.

The IETF is an open evolving community of engineers that basically produces advice for engineers. The “advice” tends to be in the form of Requests for Comments ( RFCs) of which there are now over 8000. They come in various flavours from ”internet standards” to “informational” to “jokes”. The “joke” RFCs are important. They are fun, help maintain the sense of community, and they also stop organisations simply saying they follow “all IETF RFC’s” in their products.

The IETF is unlike many other standardisation bodies. It is very open. There is no membership fee and no membership list, which in turn means no community-wide voting. There are no significant barriers to participation; all people really need is the ability to work on a mailing list. Even for the big meetings more and more people are participating remotely. Decisions, however, are then “made on the list”. People participate because they find it useful; people use the standards because they find them useful.

Over the years the IETF community has taken positions on how to deal with property rights claims in developing standards, and on how to take into account security and privacy considerations – including work on the permanence of identifiers, and on law-enforcement interception and security agency mass surveillance.

The IETF also has a sister organisation: the Internet Research Task Force (IRTF) which met in London, the same venue and time. The two communities overlap to a significant extent. While IETF Working Groups focus on the shorter term issues of engineering and standards, IRTF Research Groups focus on longer-term research issues.

While some Research Groups are clearly technical there are at least two with clear policy dimensions.

Many people believe that internet access should be considered a basic human right. The Global Access to the Internet for All Research Group (GAIA) addresses the challenge of the growing digital divide between those with functional access to the Internet and those who simply cannot afford access. One of their objectives is to develop a longer-term perspective on IETF standardisation efforts and this could include recommendations to protocol designers and architects.

The Human Rights Protocol Considerations Research Group (HRPC) is chartered to research whether standards and protocols can enable, strengthen or threaten human rights, including the right to freedom of expression and the right to freedom of assembly.

Everything about these two Research Groups, well everything except the coffee and cookies, is available online – their charters, their working documents, their mail archives, instructions on how to join the mailing lists and all the meeting materials: https://irtf.org/gaia and https://irtf.org/hrpc. You are welcome to participate.

Global Access to the Internet for All Research Group (GAIA)
https://irtf.org/gaia

The Human Rights Protocol Considerations Research Group (HRPC)
https://irtf.org/hrpc

Video: Domain Name System (DNS) and privacy
https://www.youtube.com/watch?v=gQfjEFZNlLg

(Contribution by Gordon Lennox, Technologies, Droits, Responsabilités, Société association – TDRS and EDRi Advisory Board Member)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner