On Apr 26, 2018, at 10:27 AM, Dave O'Reilly <[email protected]> wrote: > Let me clarify: I’m not saying that there are no problems with judicial > systems around the world but I was commenting, in response to your point, > that IP address will usually form part of the evidence and will not generally > be relied upon as identifying the suspect without supporting evidence from > other sources.
I think what Tom is getting at, and also what I was getting at in my earlier comment, is that we simply can't make the assertion that "IP address will usually form part of the evidence and will not generally be relied upon as ... etc". One thing to bear in mind is that often the purpose of data collection under a repressive regime is to provide a pretext for prosecution, not to provide evidence in an adversarial trial. The point is to be able to say that you did something to single out the intended victim of the prosecution, not that what you say you did actually accurately singled out that victim. You've asked privately what my objection to the document is, and I haven't had time to re-review it yet (sorry—yesterday was jam-packed). But what got me interested in the first place is that I think that it's really important to be serious about evaluating these issues and not simply think about this in terms of a particular isolated case, like Denmark's judicial system or the system in the U.S. In practice, regimes where data collected will be used as a pretext probably have more total residents than countries where citizens' rights are taken seriously, either as a matter of custom or as a matter of law. And in the U.S. it's pretty clear that rule of law doesn't apply anymore to anyone who is not a citizen, nor does it appear in practice to apply fully to citizens who are not white. And we've seen with the recent U.K. Windrush scandal that this is also true in the U.K., and while it's great that it's creating a furor in the press, it's not clear that the situation is going to get substantially better as a result. The problem with the IETF taking a position on these matters is that it grants the IETF's legitimacy not only to legitimate investigative bodies and judicial bodies, but also to illegitimate such bodies. And so the bar for adoption of work in this area is not "this would improve public safety in situations where it's used properly," but rather "how could this be misused, and what responsibility could the IETF wind up bearing for that misuse."
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
