**Session Date/Time:** 11 Nov 2022 09:30 # hrpc ## Summary The hrpc session began with administrative announcements and a poignant tribute to Alaa Abd El-Fattah, underscoring the real-world impact of human rights issues on the technical community. This was followed by two invited talks: Dimitri Vitalev presented on Equality's digital security and censorship circumvention solutions, including the Sino browser and the Decoms project, and proposed an interchangeable web caching standard. Karin van Es discussed her anthropological research on human rights advocacy within the IETF/IRTF, highlighting the IETF's inherent political nature and hrpc's bridging function. Updates were provided on the "Guidelines for Human Rights Protocol Considerations" and "Free Association" drafts, and new work on "Technology-Based Intimate Partner Violence" was introduced. The session concluded with a cross-pollination discussion on human rights implications in the GNAP protocol and a call for feedback on a potential hrpc recharter. ## Key Discussion Points * **Administrative Setup and Community Reminders (00:00:33)**: Initial setup issues with MeetEcho/slides were resolved. Attendees were reminded to use MeetEcho for the queue, wear masks, and volunteer for note-taking. Michaela volunteered to take notes. The IETF Note Well, IRTF goals, and hrpc's charter (researching how internet protocols strengthen/threaten human rights, relying on UDHR and ICCPR, focusing on freedom of expression, assembly, and privacy overlap) were reiterated. * **Tribute to Alaa Abd El-Fattah (00:10:25)**: Tara delivered an address about Alaa Abd El-Fattah, a free and open-source developer, activist, and symbol of the Egyptian revolution, currently imprisoned. His hunger strike during COP27 was highlighted, along with the broader issue of political imprisonment in Egypt. Tara shared an excerpt from Alaa's writings on the platform economy, technological innovation, and political reform, emphasizing the vital role of understanding technologies, analyzing their effects, and fighting to direct their course to curb harms and expand benefits. * **Invited Talk: Equality's Digital Security Solutions by Dimitri Vitalev (00:22:15)**: * Dimitri Vitalev, founding director of Equality, presented on their 13 years of work in digital security for human rights. All solutions are free and open source. * **Deflect Project (00:24:02)**: A website security infrastructure protecting independent media, human rights groups, and democracy movements from cyberattacks (DDoS, legal attacks). It's a reverse proxy caching network offering protection, performance, and based on principles (content criteria, abuse complaint processes). * **Basketball (00:29:08)**: A machine learning framework operating within Deflect, trained to differentiate human behavior from algorithmic/machine-led behavior, challenging anomalies to mitigate attacks. Designed to be private-by-design, with pre-processing at the network edge. * **Sino Browser (00:36:00)**: A censorship circumvention system designed for internet shutdown scenario one (disconnection of popular services/VPNs). Uses the BitTorrent protocol for distributed routing and storage, turning every user into an active routing node ("Cooperative Browsing"). Also enables decentralized caching for frequently requested content. * **Decoms Project in Ukraine (00:42:00)**: An emergency communications project for total disconnection scenario two (physical network damage). Uses decentralized protocols (Matrix, Mastodon, Delta Chat, Briar with Tor/Bluetooth mesh) by deploying local servers in affected regions. * **WinNet Core Technology (00:44:00)**: The underlying library for Sino, handling decentralized caching and content delivery. Available as an SDK and open-source library. * **Preemptive Content Injection (00:46:01)**: Tools like "Wecrawl" are used to preemptively scrape and inject essential web resources (e.g., Wikipedia) into the WinNet network for disconnected areas. Transport mechanisms include satellite internet and embedding data packets in TV satellite streams. * **Proposed Protocol Stack (00:50:02)**: A proposal for an interchangeable web caching standard that would allow web cache generated by systems like Nginx (used by Deflect) to be easily integrated into decentralized networks like WinNet/BitTorrent DHT for content accessibility. * **Q&A on Dimitri's Talk (00:54:15)**: * **Personalized Content (00:54:33)**: Sino intelligently decides what to cache; cookie-authenticated content is not cached in DHT. Users have options to share/cache content. * **Traffic Analysis/Anonymity (00:55:38)**: Sino is a content delivery system, not designed for network anonymity or strong privacy. DHT traversal is complicated to prevent crawling. * **Authenticity/Malicious Content (00:57:07, 01:02:00)**: Content injected by "injectors" (e.g., Equality) is signed and validated by the Sino client. Injectors are a point of vulnerability; the system relies on their integrity. There's a need for broader web publishing authentication standards. * **Invited Talk: Human Rights Work in the IETF and IRTF by Karin van Es (01:09:47)**: * Karin van Es, an anthropologist, presented her research on human rights in the IETF/IRTF. * **Thesis (01:12:00)**: The IETF is inherently political and has always engaged in political/policy work. Technology is politics by other means. * **Historical Context (01:16:01)**: Traced human rights/policy discussions in the IETF back before hrpc, citing RFC 6973 (Privacy Considerations, 2013), John Morse's work (2010), and even early RFCs. * **Contention of hrpc (01:18:03)**: Explained why hrpc was contentious: seen as slowing down work, tension with economic/efficiency considerations, and cultural hesitancy due to worries about unwanted scrutiny, outside regulation, and demands from governments (e.g., backdooring encryption). * **RFC 70258 (Pervasive Monitoring Is An Attack) (01:24:00)**: Presented as an example of the IETF taking a political stance (even if couched in technical terms) in response to a political moment (Snowden revelations). * **hrpc's Influence and Impact (01:26:00)**: Argued that hrpc's impact goes beyond RFC 8280's direct take-up. It acts as a "landing pad" and "safe space" for engineers, fosters mentorship, and serves a "bridging function" between new/old members, end-users, activists, research/technical work, and political/technical debates. * **Future of hrpc (01:28:01)**: Posed the question of how hrpc wants to reposition itself, suggesting it could become a space for broader consideration of politics and policy, leveraging its unique perspective on issues like government repression, surveillance, and emerging technologies. * **Q&A on Karin's Talk (01:30:52)**: * **Engineer's Struggle (01:31:07)**: Elliot acknowledged the struggle for engineers when there's "no right answer" regarding human rights, as technology can be used for good or harm. * **Value of Presentations (01:31:47)**: Suggested that the value of hrpc lies in its presentations, proposing ways to surface important presentations to the broader IETF community with suggestions for ramifications. * **Diversity of Viewpoints (01:32:46)**: Colin Perkins emphasized hrpc's value in bringing diverse viewpoints to the IETF, helping the community to admit it always discussed politics (e.g., RFC 1984) and now doing so explicitly. * **Human Rights Review Team (01:34:55)**: Adrian Farrell suggested a "human rights review team" or "directorate" to help protocol developers by asking questions and bridging the gap, rather than dictating solutions. Mallory acknowledged this iteration was useful, focusing on identifying trade-offs. * **Current Draft Updates (01:40:48)**: * **Guidelines for Human Rights Protocol Considerations (01:41:03)**: Gershbad reported the draft is under IRSC review. Comments from Jane Coffin and Brian Dremel have been addressed. * **Free Association (01:42:30)**: Nick (doc shepherd) reported minor edits have been made to clarify considerations for the same protocol across different issues. Awaiting co-author review before a research group last call. * **New Draft: Technology-Based Intimate Partner Violence (01:44:09)**: * Sophia introduced new work, inspired by an IETF 114 invited talk, aiming to provide recommendations for protocol/system designers on how technology can enhance abuse in intimate partner violence (IPV) contexts. * The draft structure includes definitions of technology-based IPV, attacker types, specific abuse technologies, and recommendations for protocol designers and security. * Called for participation and feedback on the mailing list and GitHub. * **Cross-Pollination / AOB: GNAP Protocol (01:48:40)**: * Adrian Farrell raised concerns about the Grant Negotiation Authorization Protocol (GNAP), a successor to OAuth. * **Problem Statement (01:50:01)**: GNAP, like OAuth, risks ignoring power asymmetry and could lead to "forced association" with hyperscale platforms, policy surveillance, traffic analysis, regulatory capture, and mass surveillance with verifiable credentials/DIDs. * **Proposed Solution (01:52:00)**: Suggested that unrestricted delegation by the resource owner to an authorization server should be a "MUST" or "SHOULD" requirement in the GNAP specification. * **Working Group Engagement (01:56:00)**: Fabian (GNAP co-editor) confirmed the working group is taking these human rights considerations seriously but needs technical ways to implement solutions, seeking additional support. * **Call to Action (01:58:15)**: Mallory and Colin encouraged hrpc members with expertise to engage directly with the GNAP working group, suggesting communication on both hrpc and gnap mailing lists, and potentially small direct discussion groups. * **Potential hrpc Recharter Discussion (02:00:02)**: * The chair, Mallory, noted that a recent IAB review, along with feedback from this meeting, suggests it's a good time to consider a slight recharter for hrpc. * Goals for recharter include: incorporating feedback on mainstreaming reviews, bringing others into the work, and explicitly addressing "policy discussions" (a term not currently in the charter but relevant to the group's activities). * This discussion will be moved to the hrpc mailing list and the IETF 116 meeting. ## Decisions and Action Items * **Note-Taking**: Michaela to take notes for the session. * **"Guidelines for Human Rights Protocol Considerations" Draft**: Comments from IRSC review addressed; draft to proceed in the publication queue. * **"Free Association" Draft**: Co-authors (Nick, Niels, Mallory) to review the recent edits, then initiate a research group last call. * **"Technology-Based Intimate Partner Violence" Draft**: Work to continue; call for active participation and feedback on GitHub and the mailing list. * **GNAP Protocol Discussion**: hrpc members interested in engaging with GNAP on human rights considerations are encouraged to communicate on both the hrpc and GNAP mailing lists, and potentially form small discussion groups. Interested hrpc members should signal their interest to the chairs. * **hrpc Recharter**: The hrpc chairs will facilitate a discussion on a potential recharter via the mailing list and allocate more time for this topic at the IETF 116 meeting in Yokohama. ## Next Steps * **"Guidelines" Draft**: Monitor progress through the IRSC publication queue. * **"Free Association" Draft**: Co-authors to finalize review of edits and prepare for a Research Group Last Call. * **"Technology-Based Intimate Partner Violence" Draft**: Actively recruit contributors and further develop the draft, aiming for potential submission to the data tracker in the coming weeks/months. * **GNAP Engagement**: Facilitate cross-pollination between hrpc expertise and the GNAP working group, especially concerning the technical implementation of human rights safeguards for delegation and platform power asymmetry. * **hrpc Recharter**: Initiate discussion on the hrpc mailing list regarding a potential recharter, incorporating feedback from this meeting and recent IAB review. Plan for dedicated discussion time at IETF 116. * **Presentations Visibility**: Explore ways to surface hrpc invited talks and their ramifications to the broader IETF community.