Re: [regext] [hrpc] Human Rights Review of draft-ietf-regext-verificationcode

Fri, 05 Oct 2018 10:31:59 -0700 

[as an individual]

On 10/5/18 8:17 AM, Thomas Corte wrote:

Generally, technical standards are IMHO not the appropriate place for
fighting political or societal issues.




At the IETF 98 plenary in Chicago, David Clark said something on the 
topic of human rights that's really resonated with me ever since: "You 
are designing the playing field, not the outcome of the game. But if you 
are clever enough, you can tilt the playing field."



I think that that we're well past the point where we have the luxury of 
pretending that technology has no ethical implications. I believe that 
the IETF does, in the general case, have an obligation to consider the 
human rights implications of its work. In the specific case of 
-verificationcode, I think Andrew Sullivan's arguments are persuasive, 
and that this obligation is best served by publishing this mechanism 
with proper framing and considerations. There's a parallel to be drawn 
between what he advocates and the conclusions drawn by RFC 2804:


   - On the other hand, the IETF believes that mechanisms designed to
     facilitate or enable wiretapping, or methods of using other
     facilities for such purposes, should be openly described, so as to
     ensure the maximum review of the mechanisms and ensure that they
     adhere as closely as possible to their design constraints. The IETF
     believes that the publication of such mechanisms, and the
     publication of known weaknesses in such mechanisms, is a Good
     Thing.


I strongly support enumerating the concerns raised in the HRPC review as 
part of this document. I'm also certain that those entities that are 
causing the most worry in this context [1] will implement their policies 
with or without a standard. By performing this work in the IETF, we at 
least have a chance to ensure that the mechanism is narrowly scoped to 
its intended purpose, and that it comes with appropriate caveats about 
the implications of deploying it.


/a

____

[1] Although it hasn't been brought up recently, Nils pointed to 
<https://www.article19.org/resources/corporate-actors-must-not-facilitate-human-rights-violations-through-new-chinese-rules/> 
in relation to this document a couple of years ago.


_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext


























					Reply via email to