**Session Date/Time:** 23 Mar 2022 09:00

# hrpc

## Summary

The hrpc (Human Rights Protocol Considerations) Research Group met to discuss several ongoing drafts and a new proposal, welcoming Sophia as a new co-chair. The session included updates on 3GPP privacy and security, a deep dive into the Coalition for Content Provenance and Authenticity (C2PA) and its harms modeling, progress on the `draft-irtf-hrpc-guidelines` and `draft-irtf-hrpc-freedom-association` documents, and a discussion on `draft-shulman-regional-internet-blocking`. Key themes included balancing security and privacy in protocol design, addressing potential human rights harms of new technologies, and the challenges of achieving consensus on complex socio-technical issues within the IETF/IRTF framework.

## Key Discussion Points

* **Opening Remarks and HRPC Context**:
    * Co-chair Malathy welcomed Sophia as the new hrpc co-chair.
    * The agenda was adjusted to allocate 15 minutes for AOB (Any Other Business) and 5 minutes each for draft updates.
    * Malathy provided an overview of hrpc's charter, history, and focus on long-term research issues, particularly freedom of expression and assembly, with collaboration on privacy.
    * Emphasis was placed on hrpc documents being informational and the goal of publishing research both within the RFC series and in academic venues.
* **3GPP Privacy, Surveillance, and Security (John)**:
    * **IMSI Catchers**: 5G introduces encrypted International Mobile Subscriber Identity (IMSI) as mandatory to support but optional to use, which is not ideal for best practice. Limitations include MCC/MNC (country/network codes) remaining unencrypted, allowing tracking in roaming scenarios.
    * **Legacy Interop**: 5G protects against downgrades to 2G/3G/4G, but initial connection to a fake 2G base station remains a vulnerability. Android 12 introduces a 2G kill switch.
    * **Identities and 6G**: Ongoing Release 18 study on identifiers, prompted by research showing variable-length `Nice` leaks information. 6G plans to examine core network identifiers for privacy-sensitive information, aiming for "as needed" transmission and deletion.
    * **Zero Trust Architecture (ZTA)**: TLS 1.3 is approved for internal 5G Service-Based Architecture (SBA) nodes. Inter-network ZTA (replacing SS7 weaknesses) is still under discussion (JSON interface vs. plain TLS tunnels).
    * **SIM Authentication (AKA PFS)**: Ericsson's proposal to introduce Diffie-Hellman for forward secrecy in 5G authentication was declined for public networks due to objections from some countries (France, UK, US). This leaves a "disaster" scenario where billions of secret keys could be compromised, enabling impersonation, eavesdropping, tracking, and malware injection. EAKA PFS is approved for private networks only.
    * **Forward Secrecy and TLS 1.3**: Discussion on the importance of frequent Diffie-Hellman for stronger future key protection (dynamic key exfiltration vs. static key exfiltration, per RFC 7625). TLS 1.3's PSK key exchange method, though standardized, is considered weak. Frequent Diffie-Hellman in TLS 1.3 requires new connections, which can be problematic in some contexts (e.g., DTLS over HTTP in 3GPP).
    * **Authenticated Encryption**: 5G Release 16 introduces authenticated encryption for the user plane, enhancing confidentiality and protecting against ciphertext attacks.
    * **User Consent**: 3GPP studies (TR 33.867) on user consent, inspired by GDPR, recommend storing consent with subscription data.
* **Content Provenance and Authenticity (Jacobo, Witness)**:
    * **Background**: Witness, a human rights organization, has been involved in content provenance (e.g., ProofMode app). Advocates for opt-in mechanisms, redaction, and privacy protection in provenance infrastructure.
    * **C2PA Coalition**: A group of companies (Adobe, Microsoft, BBC, etc.) creating technical specifications for an interoperable ecosystem to capture and process authentication and provenance information. Version 1.0 published.
    * **C2PA Design**: Relies on manifests containing metadata/assertions, cryptographically hashed and signed by a "signer" (e.g., camera manufacturer, editor). The signer vouches for information. The system aims to provide verifiable information for users to make informed trust decisions, not to determine "truth."
    * **Human Rights Framework**: Witness co-chairs the C2PA's "Threats and Harms Task Force," focusing on preventing/mitigating harms and fostering positive uses (e.g., visual evidence of human rights violations).
    * **Guiding Principles**: Established early on, emphasizing privacy, redaction, global audiences, simplicity, and continuous harm assessment. Manifests should not require individual identifiers.
    * **Harms Modeling**: Adapted from Microsoft's framework, it identifies potential harms across categories like denial of consequential services, infringements on human rights (dignity, liberty, privacy, freedom of expression/association), erosion of social/democratic structures, and risk of injury.
    * **Examples of Harms**: Reduction in anonymity/pseudonymity (inadvertent sharing, compliant but identity-requiring tools), attacks on journalistic freedoms (government-mandated identifiers), required participation in technology leading to algorithmic bias (e.g., higher ranking for C2PA-manifested content).
    * **Mitigation Strategies**: Informing specs design (privacy, accessibility), accompanying documents (user experience guidance, implementer guidance, explainers), and non-technical/multilateral actions (resourcing diverse C2PA ecosystem, governance, ongoing assessment).
    * **Q&A**: Discussed issues with legacy media, funding, public key verification tied to Certificate Authorities (CAs), collaboration with other SDOs (JPEG, IPTC), and mechanisms to address bad-faith signers (trust lists, compliance). Positive feedback on the utility of "explainers" for non-technical audiences.
* **`draft-irtf-hrpc-guidelines` (Grishabard)**:
    * **Status**: 12th version, moved from last call to IRTF Chair review. Feedback from Chair review addressed (reordered sections, content changes).
    * **Attribution Section**: Remains a point of discussion. The draft advises against attribution in protocols, citing conflicts with privacy, security, censorship resistance, anonymity, and pseudonymity. The author views the current text as representing group consensus and advises against further changes.
    * **Discussion**: Colin expressed difficulty understanding the attribution/remedy section as a protocol designer, requesting clearer context on how human rights are interpreted and concrete examples. Malathy clarified its context within the "right to remedy" and the balancing act required.
* **`draft-irtf-hrpc-freedom-association` (Niels)**:
    * **Status**: Five years in development, RG document for three and a half years. Aimed at expanding the relationship between specific human rights and protocols. Nick is the new document shepherd.
    * **Updates**: Definitions, abstract, conclusions added; methodology explanation removed; language cleaned up; emphasis added on human rights per hrpc charter.
    * **Next Steps**: Collaborate with the document shepherd, strengthen the connection between literature review questions and case studies.
* **`draft-shulman-regional-internet-blocking` (Lenny)**:
    * **Motivation**: Describe well-known internet blocking approaches and their implications for policymakers and the general public, aiming to provide unbiased technical information without advocating for or against policies.
    * **Scope**: Focuses on regional/national internet blocking (like economic sanctions for the internet), not security threats or malicious attacks. Limited to established operator techniques.
    * **Techniques**: Covered physical (cable cuts), routing (BGP de-peering, filtering), data plane (packet filtering, GeoIP), and DNS (undelegating TLDs, blocking resolution requests).
    * **Efficacy Gaps**: Blocking can be counterproductive (hindering desired communication, empowering targeted regimes), ASNs/prefixes don't align perfectly with geopolitics, registry data is inaccurate, and the decentralized internet makes complete blocking impossible.
    * **Status**: Presented at `int-area`, where consensus for adoption was not reached. Authors sought feedback on the document's usefulness and future direction.
    * **Discussion**: Niels and Stefan suggested RFCs might not be the best medium for a general audience, recommending outlets like ISOC. They also proposed integrating relevant content into `draft-irtf-perpass-censorship-considerations`. Questions arose about the definition of "internet" when discussing country-level disconnection (internal vs. international connectivity) and the IETF's mandate to keep the internet connected. Ben Schwartz suggested focusing the audience on technical service operators rather than governments, providing considerations for their business decisions.

## Decisions and Action Items

* **Meeting Agenda Adjustment**: For this session, AOB was allocated 15 minutes, reducing time for draft updates to 5 minutes each.
* **Note-taking**: Kirshabad volunteered to assist with note-taking.
* **`draft-irtf-hrpc-guidelines`**:
    * **Action Item**: Grishabard to re-examine and update the "remedy and attribution" section for improved clarity and context for protocol designers.
    * **Action Item**: Colin to provide a re-review of the draft, including any outstanding technical comments.
* **`draft-irtf-hrpc-freedom-association`**:
    * **Action Item**: Authors (Niels, et al.) to work with the new document shepherd (Nick) to strengthen the connection between the literature review questions and the case studies.
    * **Decision**: After addressing these points, the draft will be considered ready for a Research Group Last Call.
* **`draft-shulman-regional-internet-blocking`**:
    * **Decision**: The `hrpc` Research Group will not adopt this draft, mirroring the `int-area` working group's earlier decision.
    * **Action Item**: Authors are encouraged to consider how relevant technical insights from this draft could inform or improve Section 5.3.2 of `draft-irtf-perpass-censorship-considerations`.
    * **Action Item**: Malathy suggested following up on the `priv-rg` mailing list to see if there is further discussion or interest there.

## Next Steps

* `draft-irtf-hrpc-guidelines`: Address feedback on the attribution/remedy section and complete the IRTF Chair review process.
* `draft-irtf-hrpc-freedom-association`: Collaborate with the document shepherd to refine the connections between the literature review and case studies, then proceed to Research Group Last Call.
* `draft-shulman-regional-internet-blocking`: Authors to consider adapting content for other audiences (e.g., ISOC, technical operators) or contributing to existing drafts like `draft-irtf-perpass-censorship-considerations`. Follow up with `priv-rg` for potential further discussion.
* **General**: Continue discussions on the hrpc mailing list.