[ih] A paper

[Brian E Carpenter]

One of the downsides of open access publication is that critical reviews are also out in public. But I spent some time looking to see what all the 
fuss was about, so here is my quick review. TL;DR: Written in Martian as far most techies are concerned. But I agree with the overall conclusion.

It is a bit hard to figure out at first what this paper is trying to say. 
For a start, the Abstract says: "Internet protocols do not single handedly mitigate human rights on the Internet..." I have no idea what "mitigate" means in this. None of the options in Merriam-Webster seem to apply to "human rights":

1 : to cause to become less harsh or hostile : mollify
2a : to make less severe or painful
 b : extenuate

So the key idea expressed in the Abstract is literally meaningless in the 
English language.

Then we read "ViD [Values in design] scholars operate under the assumption that Internet protocols (IPs) can be designed such that their use will necessarily and durably promote human rights..."

This is of course an utterly ridiculous assumption from a technical viewpoint. There's no citation for where it comes from, despite a generic incantation of "Lessig and DeNardis". I have criticised DeNardis's "The Global War for Internet governance" elsewhere (https://www.cs.auckland.ac.nz/~brian/DeNardisCrit.html), and Tom Vest documented the failings of her "Protocol Politics" (page 40 in https://ipj.dreamhosters.com/wp-content/uploads/issues/2009/ipj12-4.pdf). Lessig has of course done great work. But I 
cannot see how either of them can be accused of the assumption above.

To be clear, Internet technology is inevitably a dual use technology. Nowhere is that clearer than in the cryptography and privacy debates. Anywhere you can find a legitimate use for a security feature, you can also find a criminal use, a military use, and a repressive use.

Continuing...
"participants seek to institutionalize this mode of thinking within Internet standards bodies, particularly the Internet Engineering Task Force (IETF), thereby adding an explicit political dimension to their work."

The Mission Statement of the IETF already says "The Internet isn't value-neutral, and neither is the IETF.  We want the Internet to be useful for communities that share our commitment to openness and fairness." Thus there is already an explicit policy statement right there. But the mission statement also recognises reality: "[An IETF standard] does not imply any attempt by the IETF to mandate its use, or any attempt to police its usage." IMNSHO the whole human rights issue is declared *right there* to be a 
societal problem and not a technical problem.

Then...
"perhaps their most influential publication, Request for Comment (RFC) 8280". I am far from certain that this RFC (dated October 2017) has been influential. According to Google Scholar it has been cited twice (once by one of the current authors). It has also been cited in only two Internet-Drafts (outside the HRPC research group itself). I have no real problems with that RFC; but I don't think it has had much effect.

About 15 pages later (having skipped prose written in terms that my geek brain simply cannot interpret, almost as bad as reading a semiotics text) 
I did find something that I strongly agree with:

"The problem we identify above is not merely a logical consideration; it
may have serious institutional consequences. We are concerned that it will
be impossible “to make conscious and explicit design decisions that take
into account the human rights protocol considerations guidelines.” 
In
keeping with our analysis above, this would require a superhuman level of
awareness of one’s unconscious, and the unconscious of others. It 
would
also require that we divine which components of a protocol were truly
responsible for the political impact."

Exactly! Or in other words, "the assumption that Internet protocols (IPs) 
can be designed such that their use will necessarily and durably promote human rights" is codswallop and balderdash.

Then the paper continues to its case studies. Skipping to the dénouement of the EGP/BGP case: "Ultimately, the intentions behind the design decisions, behind the design, and behind the impact of EGP and BGP are opaque." I disagree. Firstly, everybody knew that Cisco repeatedly pushed their proprietary solutions into the market, to lock in customers, at the same time as sending people to standards meetings because some procurements (especially government procurements) required support of standards. They weren't the only companies playing that game of course; they just played it better. Secondly, the techies knew that BGP was *technically necessary* to handle the expected growth, and in due course (by about 1993) they 
knew that BGP4 was essential for the same reason. Now the *design* of BGP4 is very interesting, but you have to remember that the push for "policy 
based routing" came from large US government agencies that required it. Whether the BGP4 designers realised the extent to which BGP4 would encourage and mediate market forces once commercial ISPs appeared is less clear to me, but you could always ask them.

I skipped the DNS and WHOIS case studies (well, it's Sunday afternoon here) but it is absolutely true that decisions taken during DNS design had very unintended consequences, which I tend to blame on Ira Magaziner and the very capitalistic way that ICANN was set up. Certainly the DNS designers could not have predicted that.

"Conclusion

IPs have human rights consequences, and they are political artifacts. This much is obvious, and probably uncontroversial."

I'm assuming that the "they" refers to the protocols, not the consequences. If that's not what you mean, have a word with your copy editor.

The human rights consequences are undeniable, as are those of inventing cooking, clothes and the wheel. But *in no way* can you assert that protocols are political artefacts. That's only true in the *very* limited sense 
that the Internet is connectionless and the previous networks (telegraph, 
telephone) were connection-oriented, and that difference did have very significant commercial, societal and political effects. The Internet vs OSI 
protocol wars were very much a result of that, especially in Europe. The Internet's victory had direct societal impact, seen most clearly in the early 1990s when the whole of Eastern Europe rushed to connect to the Internet as soon as the Soviets left town.

"Our arguments about why further human rights considerations may harm the 
IETF are hypothetical and may not happen."

I wouldn't lose any sleep about it. The IETF has survived 3.5 years of RFC8280 without any adverse impact.

"Imposing lofty political considerations on the activities of protocol designers politicizes the act of creating protocols that do not necessarily 
have a political dimension."

We agree.

Regards,
    Brian Carpenter

On 18-Jul-21 15:27, farzaneh badii via Internet-history wrote:
> Well … seems like you did send the email to the list John. Mistakes
> happpen. But that’s ok.
> 
> We were for two years getting this paper reviewed and polished. I think 
you
> should read it. We were vigorously peer reviewed and got very helpful
> technical feedback. If you read the paper you find out that we are arguing
> against those who want to bake values into Internet architecture. We don’t
> think the methods at  HRPC actually work. We argue that it is very
> difficult if not impossible to bake these values into Internet
> architecture, something that the Infrastructuralist  crowd want to do. I
> have even written another paper called requiem for a dream that vigorously
> criticizes the HRPC and enforcing human rights through Internet
> architecture.
> 
> Many members of the Internet community have tried to dishearten me to leave
> them alone in their echo chamber. But I will remain in my place. People
> warned me about interacting with this mailing list, which is saying
> something. But I do believe that we can benefit from each other’s point of
> views. And I am grateful for those who took the time to read it. And I
> invite others to send their feedback to this list. If being professionally
> active in the Internet community as a legal and policy scholar has taught
> me one thing, it is not to be intimidated.
> 
> 
> 
> 
> On Saturday, July 17, 2021, John Levine via Internet-history <
> internet-history at elists.isoc.org> wrote:
> 
>> Do you think I should send this to the list?
>>
>> This paper is embarassingly bad, but we've already seen that.
>>
>> R's,
>> John
>>
>> From: John Levine <johnl at iecc.com>
>> To: internet-history at elists.isoc.org
>> Subject: Re: [ih] A paper
>> In-Reply-To: <CAN1qJvDVuyH3+y8gySA9aLeL8dzgSwM4Q9RA3qW2g55
>> yTe+pjg at mail.gmail.com>
>> Organization: Taughannock Networks
>> Cc: farzaneh.badii at gmail.com
>>
>> It appears that farzaneh badii via Internet-history <
>> farzaneh.badii at gmail.com> said:
>>> Hi everyone,
>>>
>>> Filder and I have published a paper recently about Internet protocols 
and
>>> human rights but had a historical look at WHOIS, BGP/EGP and DNS. We
>>> greatly enjoyed the informative conversation about BGP and EGP on this
>> list
>>> and helped us a lot with providing a more complete background.
>>
>> I unfortunately also found the paper turgid to the point of unreadability.
>>
>> It missed how little the HRPC research group had to do with the actual
>> activity of the IETF. The authors of RFC 8280 were both using the IETF
>> as a topic for their PhD theses, in ten Oever's case putting himself
>> into the IETF's processes and using the IETF as unwilling human
>> research subjects in ways I found quite unethical. The HRPC RG had and
>> still has a painfully cramped idea of "human rights" limited to issues
>> of expression and anonymity. I stood up in a couple of their meetings,
>> pointed out that they were paying attention to only two of the 28
>> articles of the UDHR, so how about the other 26? What about attacks on
>> honor and reputation (Art 12), or being arbitrarily deprived of their
>> property (Art 17), both of which are big problems on the Internet? Oh,
>> they're important too, said the chair, but nothing changed.
>>
>> Some of the HRPC members attempted to do "human rights considerations"
>> reviews of proposed standards, which mostly revealed that they had no
>> idea what they were reading. A spec about a technique to transmit
>> credentials, e.g., for a chartered bank to register for a banking service,
>> was misinterpreted as a mandatory way for oppressive governments to
>> track their citizens. It was not a positive experience for anyone.
>>
>> I also can't help but note that the article gets the title of Tom
>> Kuhn's "The Structure of Scientific Revolutions" wrong in different
>> ways in two different places which makes it appear that this piece has
>> not been proofread or otherwise had meaningful review.
>>
>> R's,
>> John
>>
>>
>> --
>> Internet-history mailing list
>> Internet-history at elists.isoc.org
>> https://elists.isoc.org/mailman/listinfo/internet-history
>>
> 
>