[Chapter-delegates] ISOC and its involvement with the IETF

Andrew Sullivan sullivan at isoc.org
Tue Sep 14 06:00:18 PDT 2021 

Hi,

(I did not have time to write a short note, so I wrote a long one instead.)

On Tue, Sep 14, 2021 at 08:47:14AM +0300, Hank Nussbacher via Chapter-delegates wrote:

>Thanks for the lengthy and detailed response.  I'd like to focus on one aspect
>- who speaks on behalf of Internet end users.

I think the question is itself quite problematic, because I'm very far from convinced that there is a description of a class, "end users", that has enough unity to be much of a group to speak on behalf of.  For there are a _lot_ of different ways that people can use the Internet, with many different kinds of expectations and assumptions.

To use a silly example, I have been using the Internet since the early 1990s, via different access methods, and to this day my primary mail reader is terminal-based.  My expectation, as often as not foiled these days, is that people will use multipart/alternative to send mail.  My parents also are end users of the Internet, and I am pretty sure that, even though my father was an actual rocket scientist, the expectation I just stated I have would be totally mystifying to him.  And if this trivial example of variability is completely normal from one rather privileged family from Southern Ontario, it seems we are going to have rather more variation across all the different people in the world who use the Internet.

This is of course normal, but it is why I believe we need to work not just within our own Society community, but also with many other communities of interest and partners to try to advocate for the Internet and its way of networking.  More on this below.

Indeed the ISOC Mission
>statement:
>
>https://www.internetsociety.org/mission/
>
>surprisingly does not state that as a mission of the Internet Society.

I think there are parts of the mission that are pretty close: "a resource to enrich people’s lives, and a force for good in society."  Moreover, while "open, globally-connected, secure" are all properties _of the Internet_ itself, "trustworthy" is not.  "Trustworthy" is a property that indicates that a person ought to trust the trustworthy thing, and in order to understand that it is necessary to understand what trust is being placed.  The formal way we have defined this as internal guidance for staff is this:

	The Internet is completely trustworthy if and only if it is
	completely resilient, reliable, accountable, and secure in a way
	that consistently meets users' expectations for information and
	services. The opposite of trustworthy is untrustworthy.

Since this depends on users' expectations, it is necessarily a relational property.  

But as I said above, I don't think we can do the work alone, which is why the part, "We seek collaboration with all who share these goals," is so important.

>So why can't ISOC position itself as the voice of the end user?

I think my quibble is basically with the definite articles there: we can't be _the_ voice, and there's no clear meaning of _the_ end user.  This point is actually a major theme of the Internet way of networking: because of its technical properties, the Internet is an especially human-empowering technology, and we must avoid chipping away at that.

>Over the past 40 years the Internet has been a decentralized network and we
>have all enjoyed its evolution.  Over the past year and over the next 3 years
>the Internet will transition into a centralized network with almost all data
>flowing via approximately 10 mega-corporations. 

There can be little question that, as a matter of fact, certain features of the way people are using the technology these days (and I would argue, especially, certain architectural features of the world wide web) tend to encourage centralization and consolidation.  The question that confronts us, however, is not merely whether there is an accidental issue of economic power (which might be addressed through multiple means, not all of them technical), but whether the Internet is going to be _designed_ to encourage that.  I think that is what RFC 8890 is really about, because it's about what the IETF should weigh when making standards.

>Examples:
>
>- DoH: https://labs.ripe.net/author/bert_hubert/
>centralised-doh-is-bad-for-privacy-in-2019-and-beyond/

There is nothing whatsoever about DoH that necessitates it will be centralized.  Bert's point there is that _centralized_ DoH is in fact bad for privacy, and he's probably right.  But it's also true that the problem he's diagnosing has been true for years, before DoH was even introduced.  Very large resolver operators have been around for more than a decade, and in some countries they are essentially all that gets used.  In that sense, DoH is also an opportunity, because it provides the possibility of private exchange of the resolution data (a possibility not true under plain old DNS on port 53), and also allows different applications to use different resolvers according to their purposes (also a feature not available except with difficulting using DNS on port 53).  That could certainly be abused by application designers, but it also could turn into a privacy feature.  What we need to be, then, is vigilant about deployment tactics, and not attack this technology as somehow intrinsically preferring one outcome over another (because in this case, it does not).  By way of comparison, TLS, which is fundamental for HTTPS, preserves privacy too; but if one only ever uses HTTPS to connect to LargeSocialMediaFirmOfChoice, then that one firm has all the information anyway, and the privacy preservation may be diminished.

>- Apple's Private Relay: https://419.consulting/private-relay [download the
>roundtable report]

One thing that is really interesting about that example is that it's not really an Internet technology at all, since in effect you have to be using Apple devices to get it to work.  (There is some specification that might mean in the end it could be an Internet technology, but for the moment that turns out to be only a technology that happens to be carried over the Internet.)  Not everything that ever uses the Internet is an "Internet issue", because these days basically everything touches the Internet.  What we do need to be aware of, however, is the possibility that the Internet will become a bare transit mechanism for many different, completely siloed systems that cannot interoperate.  In that case, we'd keep the Internet but we'd never really have access to it, because all access would be mediated through the various silos.  Frighteningly to me, some regulatory moves actually _encourage_ this dismal future, and so it should be one of the Society's (i.e. all of ours, not merely the staff's) concerns.

>It has recently come to my attention via a technical forum I am involved with
>that over the past few years the IETF has been sort of hijacked by massive
>corporations who can send dozens of employees to attend the IETF and work on
>standards.

I don't think that's especially new: a number (possibly a majority) IETF participants have long been subsidized by their emplopyers, and when I first started participating there a main complaint was, "Cisco is taking over the IETF."  Moreover, because of the unique social structures of the IETF, there are power dynamics that are often not explicit: Corinne Cath-Speth wrote her recently-published dissertation on this topic, and has published a few pieces based on it on the Internet.

>Technical people see the beauty of
>centralized Internet system.  Is is up to the end users to say "I do not trust
>such a system and suggest not moving to a centralized Internet".

It is emphatically not the position of the Internet Society that a centralized system is good, and the Internet Way of Networking project is an effort to try to make that clear.  The second PDP that will come from that project is scheduled soon, if I recall correctly, and I hope the materials will be clear, comprehensible, and usable by this community in advocating for the Internet I believe we all want.  If _not_, the PDP would be a good time to raise those concerns, so that we can realize the vision of the Internet Society: the Internet is for everyone.

Best regards,

A

-- 
Andrew Sullivan
President & CEO, Internet Society
sullivan at isoc.org
+1 416 731 1261

More information about the Chapter-delegates mailing list